Test.aspx is malware that was found embedded in a SharePoint server. It is one of a group of webshells, along with stylecs.aspx and stylecss.aspx, all of which appear to be related to the China Chopper webshell. This malware can infiltrate a system through suspicious downloads, emails, or websites; once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom.
The test.aspx webshell operates by running base64-encoded JScript provided in the URL of the request, as its counterpart stylecs.aspx does. However, test.aspx has a unique feature: it uses a parameter related to the compromised organization to obtain the base64-encoded JScript. This allows it to execute specific actions and display certain information within the browser, based on the compromised organization's details.
Interestingly, the test.aspx shell includes code that sets the HTTP response status to 404 Not Found. This means that while an error page is displayed to the user, the provided JScript still runs in the background. This disguise allows the malware to operate undetected, making it particularly dangerous, as it continues to exploit and damage the compromised system without raising any immediate alarms.
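The behaviour described above leaves a recognisable trace in web server logs: a request to an .aspx page that is logged as 404 yet carries a long base64 value that decodes to readable script text. The following detection sketch is an added example, not code from the original description; it assumes IIS W3C logging with the listed fields and that the status set by the shell is the one recorded in `sc-status`, and all paths, addresses and parameter names in the sample are constructed.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# Constructed sample: benign text standing in for the encoded script.
PAYLOAD = base64.b64encode(b'var marker = "constructed sample payload";').decode()

# Constructed IIS W3C log lines; paths, IPs and parameter names ("org", "sid") are hypothetical.
SAMPLE_LOG = f"""#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2023-01-01 10:00:00 GET /constructed/test.aspx org={PAYLOAD} 203.0.113.5 404
2023-01-01 10:00:05 GET /constructed/missing.aspx id=42 198.51.100.7 404
2023-01-01 10:00:07 GET /constructed/gone.aspx sid=0123456789abcdef0123456789abcdef 198.51.100.7 404
2023-01-01 10:00:09 GET /constructed/start.aspx token={PAYLOAD} 198.51.100.7 200
"""

B64_RE = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")

def decodes_to_text(value):
    """Return the decoded text if value is base64 for mostly printable ASCII, else None."""
    if len(value) % 4 or not B64_RE.fullmatch(value):
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    # Script source is text; hex IDs and random tokens decode to binary noise.
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in raw)
    return raw.decode("ascii", "replace") if printable >= 0.9 * len(raw) else None

def find_suspect_requests(log_text):
    """Return (client IP, page, parameter) for 404 .aspx hits carrying base64 text."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column order comes from the log header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if not row.get("cs-uri-stem", "").lower().endswith(".aspx") or row.get("sc-status") != "404":
            continue
        for pair in row.get("cs-uri-query", "-").split("&"):
            name, _, value = pair.partition("=")
            if decodes_to_text(unquote(value)) is not None:  # unquote keeps '+' intact
                hits.append((row.get("c-ip"), row["cs-uri-stem"], name))
    return hits

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for triage rather than proof: confirm whether the flagged page actually exists on disk, since a file that is present but always answers 404 matches the disguise described above.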
Description last updated: 2023-10-10T18:29:25.952Z