IDBTE4M BOT V87

IDBTE4M BOT V87 is a PHP shell with an unusually good mailer function that is hard to detect because it uses random [email protected] for sending spam:

emails sent from IDBTE4M BOT V87

source code:

When accessed publicly, the IDBTE4M BOT V87 shell returns a blank page, but in response to a POST request containing the random password, the shell looks like this:

[screenshot of the shell interface]

After the WordPress site was hacked, an email containing the script and the random password to access it was sent to [email protected] and [email protected].

subject:

Linux srvX.XXXXXXXXXX.com 3.10.0-962.3.2.lve1.5.44.3.el7.x86_64 #1 SMP Mon Feb 22 04:35:33 EST 2021 x86_64


body:

IDBTE4M BOT V87  
 98.126.23.18
http://XXXX.XXXXXXXXXXXXXXXXXXX.com/3index.php?f=/NmRtJOUjAdutReQj/scRjKUhleBpzmTyO.txt
/home/XXXXXXXXXX/XXXX.XXXXXXXXXXXXXXXXXXX.co
V-9ND7F>AI;q!ztUhbxFU*AXfx_EDQCnl-l2hLCkDDa>NMOq;?$+B!rh|!&_
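
A detection sketch for the notification email described above, added here as an example and not taken from the original post or the shell's code: it scans an Exim main log for submitted messages whose subject has the shape of `uname -a` output and reports the sending account. It assumes Exim is the MTA and logs subjects as `T="..."` on arrival lines; the sample log lines, hosts and account names are constructed.

```python
import re

# Exim main-log arrival line: "<date> <time> <msg-id> <= <sender> <fields...>"
ARRIVAL = re.compile(r'^(\S+ \S+) (\S+) <= (\S+) (.*)$')
LOCAL_USER = re.compile(r'\bU=(\S+)')
# Subject field; present only when subject logging is enabled (assumption).
SUBJECT = re.compile(r'\bT="((?:[^"\\]|\\.)*)"')
# Shape of `uname -a` output: "Linux <host> <kernel release> #<build> ..."
UNAME = re.compile(r'^Linux \S+ \d+\.\d+\.\d+\S* #\d+ ')

# Constructed sample log (hosts, accounts and message ids are made up).
KERNEL = ("3.10.0-962.3.2.lve1.5.44.3.el7.x86_64 #1 SMP "
          "Mon Feb 22 04:35:33 EST 2021 x86_64")
SAMPLE_LOG = [
    '2022-02-07 03:12:44 1nGvAb-0004Xy-7Q <= alice@srv1.example.com U=alice '
    'P=local S=1184 T="Linux srv1.example.com ' + KERNEL + '" for drop@example.net',
    '2022-02-07 03:15:02 1nGvCo-0004Zk-2B <= bob@srv1.example.com U=bob '
    'P=local S=2210 T="Your order #1042 has shipped" for customer@example.org',
    '2022-02-07 03:15:09 1nGvAb-0004Xy-7Q => drop@example.net '
    'R=dkim_lookuphost T=dkim_remote_smtp H=mx.example.net [192.0.2.10]',
    '2022-02-07 03:20:00 1nGvHe-0004bb-Lq <= carol@srv1.example.com U=carol '
    'P=local S=900 T="Linux hosting plans compared" for list@example.org',
]

def find_uname_notifications(log_lines):
    """Return arrival records whose subject looks like `uname -a` output."""
    hits = []
    for line in log_lines:
        m = ARRIVAL.match(line)
        if not m:
            continue  # delivery (=>), deferral and other non-arrival lines
        ts, msg_id, sender, rest = m.groups()
        subj = SUBJECT.search(rest)
        if not subj or not UNAME.match(subj.group(1)):
            continue
        # Look for U= outside the subject so subject text cannot spoof it.
        fields = rest[:subj.start()] + rest[subj.end():]
        user = LOCAL_USER.search(fields)
        hits.append({"time": ts, "id": msg_id, "sender": sender,
                     "user": user.group(1) if user else None,
                     "subject": subj.group(1)})
    return hits

if __name__ == "__main__":
    for hit in find_uname_notifications(SAMPLE_LOG):
        print(hit["time"], hit["id"], "account:", hit["user"])
```

A hit identifies the account whose files, processes and cron jobs need review; a subject that merely starts with "Linux" does not match.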

To remove this IDBTE4M BOT V87 malware and further increase the security of your WordPress website, follow this guide:

Here is a list of all the files that ImunifyAV found on this cPanel account: https://github.com/stefanpejcic/wordpress-malware/tree/master/07-02-2022

Make sure that no active processes or cron jobs are left for the cPanel user.
