I Feel Lucky I Feel Very Lucky

ElfRAT 1.2

Released 20 years, 11 months ago. December 2003

Copyright © MegaSecurity

By HelioS

Informations
Author HelioS
Family Elf
Category Remote Access
Version ElfRAT 1.2
Released Date Dec 2003, 20 years, 11 months ago.
Language Visual Basic
Additional Information 
Server:
dropped file:
c:\WINDOWS\SYSTEM\elfRAT.exe 
 
size: 73.728 bytes 

port: 6969 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "ELFRAT"

Author Information / Description 
+---------------------------------------------------------------------+
    ¦ ¦¦¦¦ IRC NOTIFIER COMMANDS                                          ¦
    +---------------------------------------------------------------------+


      !login;<password>                    login as master/admin to the server
      !logout                              logout as master/admin

      !getversion                          server will report the server version
      !getip                               server will report the victims ip
      !connect;<ip>;<port>                 server will connect to the ip and port where
                                           a client is listening on

      !quit                                makes the server quit
      !end                                 makes the server end
      !uninstall                           makes the server uninstall itself

      !getreg;<fullregistrykeyname>        server will report the value of that reg key
      !raw;<rawirccommand>                 server will send a raw irc command to the irc server
      !kill;<exename>                      server will try to close the given exe
      !killservice;<servicename>           server will try to close the given service
      !reroute                             server will rerout all messages in channel and 
                                           private message to his master
      !downloadrun;<url>                   server will download a file from the internet
                                           and open/run it
      !flood;<ircuser>,<times>;<message>   server will message the ircuser
      !free                                server will allow anybody to execute server commands
                                           not only the master/admin
      !reconnect                           server will reconnect to the irc server
      !set;...                             server will update his settings
          ;nick;<newircname>
          ;channel;<newircchannel>
          ;server;<newircserver>
          ;pass;<newpassword>
          ;icq;<newicqnumber>

HelioS

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.