Outbreak 0.2.3 (backdoored)
Released 19 years, 11 months ago. December 2004
Copyright © MegaSecurity
By satan_addict
Information
Author | satan_addict |
Family | Outbreak |
Category | Remote Access |
Version | Outbreak 0.2.3 (backdoored) |
Release Date | Dec 2004, 19 years, 11 months ago. |
Additional Information
Client:
dropped files:
c:\WINDOWS\JNR#01.EXE size: 1.456.128 bytes (Backdoor.Win32.Outbreak.023)
c:\WINDOWS\JNR$01.EXE size: 89.600 bytes (Backdoor.Win32.Rbot.ea)
c:\WINDOWS\system32\win32api.exe size: 89.600 bytes (Backdoor.Win32.Rbot.ea)
port: 1033 TCP
added to registry:
HKEY_CURRENT_USER\Software\Microsoft\OLE "Win32 API Start"
data: win32api.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache "c:\windows\JNR#01.EXE"
data: JNR#01
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Win32 API Start"
data: win32api.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices "Win32 API Start"
data: win32api.exe
Server:
dropped file:
c:\WINDOWS\Server.exe size: 94.210 bytes
added to registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Server\Security
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\l
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SERVER\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Server\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Server\Security
tested on Windows XP
December 03, 2004