Saitama Backdoor

Saitama backdoor is the name of a newly discovered piece of malware, written in .NET and compiled to a managed executable. As the name suggests, Saitama operates as a backdoor.

The malware is distributed as an executable file named "Saitama.Agent.exe". The backdoor allows its malicious operators to infiltrate target systems, establish some form of persistence so that it runs again every time the computer is rebooted, and receive commands from the C2 server owned by the hackers.

Saitama allows access to 20 remote commands and gives its operators the ability to scrape information from the target system, then exfiltrate it back to the command and control server.

Backdoors with sufficient capabilities allow hackers to drop further malware onto compromised systems and install various additional malicious tools. Those can range from cryptominers to keyloggers, assuming the backdoor does not already have keystroke-logging functionality itself.

The Saitama backdoor was discovered in a malicious email campaign that uses an Office file attachment to download and launch the executable payload.
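The delivery chain described above (an Office attachment that fetches and starts "Saitama.Agent.exe") gives a defender two things to hunt for in process-creation telemetry: the known executable name itself, and an Office application acting as the parent of an executable launched from a user-writable directory. The following Python is an added illustration of that hunt written for this page; it is not code from the original article or from the malware. The list of Office parent processes, the user-writable path fragments, and the sample events are constructed assumptions, not indicators taken from the page.

```python
"""Hunt for the Saitama.Agent.exe delivery chain in process-creation events.

Added example: the only page-sourced indicator is the executable name.
Everything else (Office parents, path hints, sample events) is an assumption.
"""
import ntpath
from dataclasses import dataclass
from typing import List, Tuple

# Executable name the page reports for the backdoor (matched case-insensitively).
SAITAMA_IMAGE = "saitama.agent.exe"

# Office applications that would be the parent when a malicious attachment
# launches a downloaded payload (assumed list, not from the page).
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Path fragments a macro can write to without elevation (assumption).
USER_WRITABLE_HINTS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")


@dataclass
class ProcessEvent:
    """Minimal Sysmon/EDR-style process-creation record (constructed shape)."""
    image: str
    parent_image: str
    command_line: str


def basename_lower(path: str) -> str:
    """Windows-style basename, lower-cased so case differences do not matter."""
    return ntpath.basename(path).lower()


def classify(event: ProcessEvent) -> List[str]:
    """Return the list of findings for one event (empty list when benign)."""
    findings: List[str] = []
    image = basename_lower(event.image)
    parent = basename_lower(event.parent_image)

    # 1. Exact match on the executable name reported for the backdoor.
    if image == SAITAMA_IMAGE:
        findings.append("known-saitama-image")

    # 2. Behavioural check: Office spawning an .exe out of a user-writable path,
    #    which is what the attachment-download-then-execute chain looks like.
    if parent in OFFICE_PARENTS and image.endswith(".exe"):
        if any(hint in event.image.lower() for hint in USER_WRITABLE_HINTS):
            findings.append("office-spawned-exe-from-user-path")

    return findings


def hunt(events: List[ProcessEvent]) -> List[Tuple[str, List[str]]]:
    """Return (image, findings) for every event that triggered at least one rule."""
    results = []
    for event in events:
        findings = classify(event)
        if findings:
            results.append((event.image, findings))
    return results


# Constructed sample telemetry: one full delivery chain, one benign system
# process, one Office-spawned installer, and one renamed-path copy of the image.
SAMPLE_EVENTS = [
    ProcessEvent(
        image=r"C:\Users\alice\AppData\Local\Temp\Saitama.Agent.exe",
        parent_image=r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        command_line="Saitama.Agent.exe",
    ),
    ProcessEvent(
        image=r"C:\Windows\System32\svchost.exe",
        parent_image=r"C:\Windows\System32\services.exe",
        command_line="svchost.exe -k netsvcs",
    ),
    ProcessEvent(
        image=r"C:\Users\bob\Downloads\setup.exe",
        parent_image=r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
        command_line="setup.exe /quiet",
    ),
    ProcessEvent(
        image=r"C:\ProgramData\tools\SAITAMA.AGENT.EXE",
        parent_image=r"C:\Windows\explorer.exe",
        command_line="SAITAMA.AGENT.EXE",
    ),
]


if __name__ == "__main__":
    for image, findings in hunt(SAMPLE_EVENTS):
        print(f"{image}: {', '.join(findings)}")
```

The name check alone is brittle (the operators can rename the file, as the last sample event is meant to suggest), which is why the behavioural rule on the Office parent is kept separate: a hit on either rule is worth a look, a hit on both is the chain the campaign used.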

May 20, 2022