Golden Retriever

Copyright © MegaSecurity

By Noa


Golden Retriever
Informations
Author Noa
Family Golden Retriever
Category Web Downloader
Version Golden Retriever
Additional Information
Server:
C:\mstask.exe 

size: 19 KB

startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Author Information / Description
...,xxxXX/\/0@\/\/@R3XXxxx,...
         }----------Golden Retreiver v1.1 BETA----------{
                             ^By Noa^
.

 ***************************************************************************
 *What the hell is it?******************************************************
 ***************************************************************************
    Golden Retreiver is a very simple trojan made to do one specific thing.  
 Once GR is run it will ftp to your ftp site and download the file called    
 RunMe.exe. After it succesfully downloads it, it will be spawned.
 NOTE: For a more detailed description scroll down.                                                                                                                                
 ***************************************************************************
 *Package Description*******************************************************
 ***************************************************************************
 GRcfg.exe- This needs to be run first so you can specify the username,    
 password, ftp server, and binary file to download.                                    
.                                                                          
 GR.exe- This is the Golden Retreiver trojan file that needs to be 
 spawned on a remote computer.  This one will not restart with windows.
.
 GRreg.exe- This is the Golden Retreiver trojan file that needs to be 
 spawned on a remote computer.  This one will restart with windows.                                          
.                                                                                                                                      
 GRreg.exe.bak- This is a back-up of the one above because the GD trojan    
 file can only be configured once.                                         
.                                                                           
 Read-Me.bat- Your viewing it dipshit.
.                                       
 Read-Me.pif- settings for readme file.
.
 
 ***************************************************************************
 *Detailed description******************************************************
 ***************************************************************************
 	When you run the trojan file it will copy itself to                  
 c:\mstask.exe with a different icon and add itself to the reg as 
 "Task Manager" in /CurrentVersion/Run/. Then GR will check and see if it has
 allready been run and had a successfull download.  If it hasn't then it 
 will ftp to your previously specified ftp site and download the exe file 
 named RunMe.exe(It *IS* Case Sensitive).  If it can't successfully download 
 the trojan at that time than it will try ever 5 minutes until it's 
 successfull.  If it is successfull than it will not start again untill the 
 downloaded trojan is deleted:)
 !IMPORTANT NOTES!- In the config program make sure that when it asks you for 
 executable that you put RunMe.exe, or it will not work at all. Also, GR.exe 
 will not copy itself to the c:\ dir and add itself to the reg.
 ***************************************************************************
 *Getting Started***********************************************************
 ***************************************************************************
 Step#1. Upload your favorite trojan or whatever to your ftp site and rename 
 it RunME.exe(Case Sensitive).                
.                                                                           
 Step#2. Run Config.exe and specify the required info.                     
.                                                                           
 Step#3. Give the GR Trojan file to a victim in some form or another.  
.                                                                           
 Step#4. Go to your ftp site and look for The_Trojan_Was_Uploaded.  If
 it's there then trojan was successfully downloaded.
.                                                                           
 !!!!!!!!!!!!!!!!!!!!!!!!!iMPORTANT iNFO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 The trojan file does not require any VB runtime files because it was not  
 coded in VB.  BUT, the config.exe program requires VB6 runtimes.  Sorry   
 about that.  I had probs with making it in c++.                           
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
                 __

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.