Finding b374k.php on a server is rarely the beginning of the story. It is the end of the initial breach. Here is the typical kill chain:
b374k is a powerful testament to how simple web scripts can grant total control over complex systems if they aren't properly secured. audit your server b374k.php
In b374k , the attacker might have used the "Download as ZIP" feature. Search for large outbound POST requests or entries in error_log indicating oversized payloads. Check if config.php (which contains database passwords) was accessed. Finding b374k