Backdoor.Java.WEBSHELL.SBJKWD

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

It does not have any propagation routine.

It executes commands from a remote malicious user, effectively compromising the affected system.

Arrival Details

This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Propagation

This Backdoor does not have any propagation routine.

Backdoor Routine

This Backdoor executes the following commands from a remote malicious user:

• List root directories
• List files in a directory
• Create files
• Create directories
• Read file contents
• Write data to a file
• Copy files or directories
• Rename files or directories
• Delete files or directories
• Set last modified time to files
• Download files
• Download files from URL
• List database catalogs
• List database tables
• List table columns
• Execute database query
• Execute arbitrary commands

Rootkit Capabilities

This Backdoor does not have rootkit capabilities.

Information Theft

This Backdoor gathers the following data:

• Web server information
• Directories of the server's filesystem
• Files and subdirectories within a specified directory
• Contents of a specified file
• Output of arbitrary commands
• Lists of available database catalogs and tables
• Lists of columns of a specified database table
• Result of database query

Other Details

This Backdoor does the following:

• It requires a password to be accessed by users.

It requires being hosted on a web server in order to proceed with its intended routine.