njrat botnet controller @20.194.35.6

The host at this IP address is obviously operated by cybercriminals. It is running a malware botnet controller which is being used to control infected computers (bots) around the globe using a trojan horse.

Malware botnet controller located at 20.194.35.6 on port 7904 TCP:
$ telnet 20.194.35.6 7904
Trying 20.194.35.6...
Connected to 20.194.35.6.
Escape character is '^]'

Other malicious domain names hosted on this IP address:
backu4734.duckdns.org 20.194.35.6 (resolved via 8.8.8.8)
bitmoney332.duckdns.org 20.194.35.6
mback5338.duckdns.org 20.194.35.6 (resolved via 8.8.8.8)

Referencing malware samples (MD5 hash):
