Massive Malware-Serving Campaign Abuses Portmap, a Web-Based Port Forwarding Solution – An Analysis

Dear blog readers,
In this post I further profile a currently circulating campaign that drops malicious software and the njRAT malware and uses a popular port forwarding solution as its C&C server. The aim is to provide everyone with the necessary situational awareness and technical details regarding the campaign.
Sample campaign C&C and associated domains analysis:
MD5: d8191eee2d99a00cb664d100ffc73b9c
hxxp://enderop44-36084.portmap.host – 193.161.193.99 
URL: hxxp://www.cofo.ga/a/KeyOneA.exe
Botnet C&C: hxxp://cofo.ga – hxxp://52.70.248.161; hxxp://193.161.193.99
Sample screenshots include:

Sample VirusTotal Graph regarding the malicious campaign:

Stay tuned!
