Outbreak 0.2.3 (backdoored)

Released 19 years, 11 months ago. December 2004

Copyright © MegaSecurity

By satan_addict


Information
Author: satan_addict
Family: Outbreak
Category: Remote Access
Version: Outbreak 0.2.3 (backdoored)
Release Date: Dec 2004, 19 years, 11 months ago.

Additional Information
Client:
dropped files:
c:\WINDOWS\JNR#01.EXE            size: 1.456.128 bytes  (Backdoor.Win32.Outbreak.023)
c:\WINDOWS\JNR$01.EXE            size: 89.600 bytes     (Backdoor.Win32.Rbot.ea)
c:\WINDOWS\system32\win32api.exe size: 89.600 bytes     (Backdoor.Win32.Rbot.ea)

port: 1033 TCP

added to registry:
HKEY_CURRENT_USER\Software\Microsoft\OLE "Win32 API Start"
data: win32api.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "c:\windows\JNR#01.EXE"
data: JNR#01 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Win32 API Start"
data: win32api.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Win32 API Start"
data: win32api.exe 






Server:
dropped file:
c:\WINDOWS\Server.exe  size: 94.210 bytes 

added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Server\Security

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Server\Security

tested on Windows XP
December 03, 2004
