Beast 2.01 (a) - Malware Gallery

Informations

From	Rumania
Author	Tataye
Family	Beast
Category	Remote Access
Version	Beast 2.01 (a)
Released Date	Jun 2003, 21 years, 3 months ago.
Language	Delphi

Additional Information

Client:
registry keys added:
HKEY_CLASSES_ROOT\.bad 
HKEY_CLASSES_ROOT\.bst 
HKEY_CLASSES_ROOT\BeastFile 
HKEY_CLASSES_ROOT\BeastFile\DefaultIcon 
HKEY_CLASSES_ROOT\BeastFile\shell 
HKEY_CLASSES_ROOT\BeastFile\shell\open 
HKEY_CLASSES_ROOT\BeastFile\shell\open\command 
HKEY_CLASSES_ROOT\BeastFile1 
HKEY_CLASSES_ROOT\BeastFile1\DefaultIcon 
HKEY_CLASSES_ROOT\BeastFile1\shell 
HKEY_CLASSES_ROOT\BeastFile1\shell\open 
HKEY_CLASSES_ROOT\BeastFile1\shell\open\command 



Server:
dropped files:
c:\WINDOWS\SVCHOST.EXE 
c:\WINDOWS\COMMAND\msocge.com 
c:\WINDOWS\SYSTEM\msqmqr.com 

size: 52.224 bytes

port: 6666 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{44CC0112-AB51-22EF-BA32-20AA12E6115C} "StubPath" 
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" 

added:
c:\WINDOWS\SYSTEM\qmqr.blf 

HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control