Golden Retriever
Copyright © MegaSecurity
By Noa
 
Information
| Author | Noa | 
| Family | Golden Retriever | 
| Category | Web Downloader | 
| Version | Golden Retriever | 
Additional Information
Server:
C:\mstask.exe 
size: 19 KB
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Author Information / Description
...,xxxXX/\/0@\/\/@R3XXxxx,...
         }----------Golden Retreiver v1.1 BETA----------{
                             ^By Noa^
.
 ***************************************************************************
 *What the hell is it?******************************************************
 ***************************************************************************
    Golden Retreiver is a very simple trojan made to do one specific thing.  
 Once GR is run it will ftp to your ftp site and download the file called    
 RunMe.exe. After it successfully downloads it, it will be spawned.
 NOTE: For a more detailed description scroll down.                                                                                                                                
 ***************************************************************************
 *Package Description*******************************************************
 ***************************************************************************
 GRcfg.exe- This needs to be run first so you can specify the username,    
 password, ftp server, and binary file to download.                                    
.                                                                          
 GR.exe- This is the Golden Retreiver trojan file that needs to be 
 spawned on a remote computer.  This one will not restart with windows.
.
 GRreg.exe- This is the Golden Retreiver trojan file that needs to be 
 spawned on a remote computer.  This one will restart with windows.                                          
.                                                                                                                                      
 GRreg.exe.bak- This is a back-up of the one above because the GD trojan    
 file can only be configured once.                                         
.                                                                           
 Read-Me.bat- You're viewing it dipshit.
.                                       
 Read-Me.pif- settings for readme file.
.
 
 ***************************************************************************
 *Detailed description******************************************************
 ***************************************************************************
 	When you run the trojan file it will copy itself to
 c:\mstask.exe with a different icon and add itself to the reg as
 "Task Manager" in /CurrentVersion/Run/. Then GR will check and see if it has
 already been run and had a successful download.  If it hasn't then it
 will ftp to your previously specified ftp site and download the exe file
 named RunMe.exe(It *IS* Case Sensitive).  If it can't successfully download
 the trojan at that time then it will try every 5 minutes until it's
 successful.  If it is successful then it will not start again until the
 downloaded trojan is deleted:)
 !IMPORTANT NOTES!- In the config program make sure that when it asks you for 
 executable that you put RunMe.exe, or it will not work at all. Also, GR.exe 
 will not copy itself to the c:\ dir and add itself to the reg.
 ***************************************************************************
 *Getting Started***********************************************************
 ***************************************************************************
 Step#1. Upload your favorite trojan or whatever to your ftp site and rename 
 it RunME.exe(Case Sensitive).                
.                                                                           
 Step#2. Run Config.exe and specify the required info.                     
.                                                                           
 Step#3. Give the GR Trojan file to a victim in some form or another.  
.                                                                           
 Step#4. Go to your ftp site and look for The_Trojan_Was_Uploaded.  If
 it's there then trojan was successfully downloaded.
.                                                                           
 !!!!!!!!!!!!!!!!!!!!!!!!!iMPORTANT iNFO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
 The trojan file does not require any VB runtime files because it was not  
 coded in VB.  BUT, the config.exe program requires VB6 runtimes.  Sorry   
 about that.  I had probs with making it in c++.                           
 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
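
Added example, not part of the original page or the author's readme: a triage script that checks the Run key listed above for the two persistence indicators this page gives, a target of C:\mstask.exe and a value named "Task Manager". It assumes its input is the text output of `reg query` on that key; the function names are hypothetical and the sample output is constructed.

```python
import ntpath
import re

# Indicators from this page: dropped copy path and Run-value name.
GR_PATH = ntpath.normcase(r"C:\mstask.exe")
GR_VALUE_NAME = "task manager"
# `reg query` prints: 4 spaces, value name, 4 spaces, type, 4 spaces, data.
LINE_RE = re.compile(r"^\s{4}(.+?)\s{4}(REG_\w+)\s{4}(.*)$")

# Constructed sample output (not from a real host).
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Task Manager    REG_SZ    C:\mstask.exe
    Updater    REG_SZ    "c:\MSTASK.EXE" /quiet
"""


def parse_run_key(text):
    """Return (value_name, data) pairs from `reg query` output of a Run key."""
    matches = (LINE_RE.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(3).strip()) for m in matches if m]


def executable_of(data):
    """Extract the program path from a Run command line (quoted or bare)."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
        path = m.group(1) if m else data.split(" ", 1)[0]
    return ntpath.normcase(ntpath.normpath(path))


def triage(text):
    """Flag Run entries matching either indicator, with the reasons."""
    findings = []
    for name, data in parse_run_key(text):
        exe, reasons = executable_of(data), []
        if exe == GR_PATH:
            reasons.append("target is C:\\mstask.exe")
        if name.strip().lower() == GR_VALUE_NAME:
            reasons.append('value name is "Task Manager"')
        if reasons:
            findings.append({"name": name, "exe": exe, "reasons": reasons})
    return findings
```

An entry that matches on only one indicator (a renamed value, or the same value name pointing elsewhere) is still reported, with the reason recorded, so it can be reviewed by hand.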