What is wsoyanz.php?

Created 22nd January 2024
Updated 23rd January 2024

A PHP backdoor/dropper that would have fetched a trojan, dropped it onto the server in random directories under the name 'about.php', and then sent an email beacon to an address (loggershell443 at gmail dot com) to report success.

Read Luke Leal's full breakdown, as I won't be able to do better than this!


References

  1. https://lukeleal.com/research/posts/backdoored-alfa-webshell/

Other known request paths

  1. wsoyanz.php
  2. loggershell443