Backdoor.ASP.WEBSHELL.X

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Ejecuta comandos desde un usuario remoto malicioso que pone en peligro el sistema afectado.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Rutina de puerta trasera

Ejecuta los comandos siguientes desde un usuario remoto malicioso:

• Execute Arbitrary commands
• Execute SQL commands
• Browse files and directories on the web server.
• Upload files to the server.
• Download files from the server.
• Create new files and directories.
• Edit existing files.
• Delete files and directories.
• Change file attributes (read-only, hidden, system, archive).

Robo de información

Recopila los siguientes datos:

• Server IP address
• Machine name
• Network name
• Running user's name
• Operating system version
• Server uptime and current time
• IIS (web server) version
• HTTPS status
• Request paths
• Server port
• Session ID

Otros detalles

Hace lo siguiente:

• It receives arbitrary commands passed through its request parameter.
• It requires login credential to access its functionalities.
• It navigates to the specified website when the 'lake' hyperlink is clicked.
  • http://{BLOCKED}2.0x54.org