BAD R.A.T. 1.4

Released 19 years, 3 months ago. August 2005

By Mr Hawk

Informations

From	Germany
Author	Mr Hawk
Family	BAD R.A.T.
Category	Remote Access
Version	BAD R.A.T. 1.4
Released Date	Aug 2005, 19 years, 3 months ago.
Language	Visual Basic

Additional Information

Server:
dropped files:
c:\WINDOWS\keylog.dat       Size: 6 bytes 
c:\WINDOWS\newserver.exe    Size: 74,250 bytes 

port: 2323, 2324, 2325 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableRegistryTools"
data: 01, 00, 00, 00 

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System "DisableTaskMgr"
data: 1 

HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System "DisableCMD"
data: 01, 00, 00, 00 
	
tested on Windows XP
August 02, 2005

Author Information / Description

[New Version 1.4]
 |-[Bugs fixed]
 |   |-Reg_del
 |-[Client]
 |   |-Reg_change und Reg_new vereinfacht (Bessere Strucktur mit hex,dword,string)
 |   |-MSConfig (Startups,Win.ini,System.ini,boot.ini)
 |   |-Clientsetting: Reg Refresh
 |- [Server]
 |   |-Mirco wird gepackt (mit ArithMetic_DMC), wird im Clienten wieder entpackt
 |   |-Nochmals kleiner (ungepackt 232 KB)
 |-[Tests]
 |   |-ArithMetic_DMC 28KB gepackt auf 7 KB  = auf 25 % gepackt =75 % Packung!
 |-[Script]
 |   |- Neues PHP-Notify-Script(nur noch eine Datei)
 |   |- PHP-MySQL-Notify-Script-
 |   |- CGI-Notify-Script
 
Mr Hawk