Securonix has identified Deep#Door, a stealthy Python-based backdoor that gives attackers persistent remote command execution and extensive surveillance on Windows systems. The threat uses embedded Python in batch scripts, disables security controls, establishes multi-layered persistence, and employs advanced in-memory and evasion techniques to remain covert and resilient. #DeepDoor #Windows
Key points
- Deep#Door is a Python-based backdoor that provides persistent remote command execution and surveillance on Windows machines.
- Infection starts with a batch script that disables security features and embeds the Python payload for stealthy delivery.
- Persistence is achieved via Run registry modifications, scheduled tasks, Startup folder scripts, and service-mimicking directories.
- Advanced evasion includes AMSI/ETW patching, ntdll unhooking, sandbox/VM checks, in-memory reconstruction, and dynamic port construction with public tunneling.
- Capabilities range from shell and file operations to keylogging, credential harvesting, webcam/microphone capture, and destructive actions like MBR overwrite and forced crashes.
Read More: https://www.securityweek.com/sophisticated-deepdoor-backdoor-enables-espionage-disruption/