Genie 1.3
Released 18 years, 9 months ago. February 2006
Copyright © MegaSecurity
By prncipia
Informations
| Author | prncipia |
| Family | Genie |
| Category | Remote Access |
| Version | Genie 1.3 |
| Released Date | Feb 2006, 18 years, 9 months ago. |
Additional Information
Server:
dropped file:
c:\WINDOWS\cprog.exe Size: 15,998 bytes
c:\WINDOWS\system32\regmont.exe Size: 15,998 bytes
startup;
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "Run"
data: C:\WINDOWS\cprog.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RegMon"
data: C:\WINDOWS\System32\regmont.exe
tested on Windows XP
March 12, 2006
Author Information / Description
Genie is a simple Telnet backdoor program.
-When Gene.exe executed, it opens port on 1179.
-Creates a copy of itself as %System%\regmont.exe and %windir%\cprog.exe
-And adds the follow values in the registry to be executed each time Windows starts.
"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
"RegMon" = " %System%\regmont.exe"
"HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows"
"Run" = "%windir%\cprog.exe"
Genie commands:
Lock locking Taskman and registry editors (win2k/xp)
UnLock Unlocking Taskman and registry editors (win2k/xp)
Reset Reboot windows.
Exit Close current connection.
Vshutdown Shutdown the virus.
Now to conect to remote host you have to type Telnet "targets_ip" 1179
then type "hello" to activate the program.
And the last step is to ask you the password and by default password is "katerina".
That's it.
prncipiaIf you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.