Massive Malware Serving Campaign Abuses Portmap A Web Based Port Forwarding Solution – An Analysis

Dear blog readers,
In this post I’ve decided to further profile a currently circulating malicious software and njRAT malware-dropping campaign that’s using a popular port forwarding solution as a C&C server, with the idea of providing everyone with the necessary situational awareness and technical details regarding the campaign.
Sample campaign C&C and associated domains analysis:
MD5: d8191eee2d99a00cb664d100ffc73b9c
hxxp:// – 
URL: hxxp://
Botnet C&C: hxxp:// – hxxp://; hxxp://
Sample screenshots include:

Sample VirusTotal Graph regarding the malicious campaign:

Stay tuned!

