Beast 1.92 (g) (March 24, 2003)

Copyright © MegaSecurity

By Tataye


Beast 1.92 (g) (March 24, 2003)
Informations
From Rumania
Author Tataye
Family Beast
Category Remote Access
Version Beast 1.92 (g) (March 24, 2003)
Language Delphi
Additional Information
Server:
dropped files:
c:\WINDOWS\svchost.exe                 Size: 52,736 bytes 
c:\WINDOWS\system32\kl.dli             Size: 94 bytes 
c:\WINDOWS\system32\Com\mscom32.com    Size: 52,736 bytes 
c:\WINDOWS\system32\wbem\wb.com        Size: 52,736 bytes 	

added to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{45DD0432-AA51-31EF-EEFA-06AA12E6115C} "StubPath"
data: C:\WINDOWS\System32\wbem\wb.com 

port: 666 TCP

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run "COM Service"
data: C:\WINDOWS\System32\COM\mscom32.com 


tested on Windows XP
October 01, 2005

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.