Telnet Backdoor 1.4

Released 20 years, 3 months ago. August 2004

By heroin

Informations

Author	heroin
Family	Telnet Server
Category	Remote Access
Version	Telnet Backdoor 1.4
Released Date	Aug 2004, 20 years, 3 months ago.

Additional Information

dropped file:
c:\WINDOWS\system32\svchost.exe 
size: 67.584 bytes 
 
port: 1023 TCP

added to registry:
HKEY_CLASSES_ROOT\.exe 
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_WMI-CLIENT\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\svchost
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMI-Client\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMI-Client\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WMI-CLIENT\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\svchost
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI-Client\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMI-Client\Security

tested on Windows XP

Author Information / Description

heroin