Author: Joachim Suico   


Backdoor.ASP.WebAdmin.h (Kaspersky); Trojan.Explod!g3 (Norton); Troj/Aspdoor-C (Sophos Lite)

 PLATFORM:

Windows


  • Threat Type:
    Backdoor

  • Destructiveness:
    No

  • Encrypted:
    No

  • In the wild:
    Yes

  OVERVIEW

It may have been dropped by other malware.

It executes commands from a remote malicious user, effectively compromising the affected system.

  TECHNICAL DETAILS

File size: 177,544 bytes
File type: HTML, HTM
Memory resident: No
Initial samples received date: 30 Mar 2015

Arrival Details

It may have been dropped by other malware.

Backdoor Routine

It executes the following commands from a remote malicious user:

  • Enumerate/list directories
  • Query system information
  • Perform network operations (HTTP finger, POP3, FTP)
  • Query server local groups and users
  • Query network information (IDs, IP addresses, server name)
  • Scan for port information
  • Brute force POP3 and FTP connections
  • Execute shell command
  • List, start, and kill processes
  • Query process information
  • List, start, and kill services
  • Query service information
  • List application event logs
  • List system event logs
  • Perform database operations (SQL)
  • Perform file operations
  • Upload/download files

Download Routine

It accesses the following websites to download files:

  • http://swamp.{BLOCKED}s.net/fizzgig/fgdump/fgdump-2.1.0.zip (downloads a password dumping utility)