.: Haan :.
By c-cure
Additional Details
- Coded by: c-cure
- Version: Haan
- Family: Haan
- Category: Information Stealer
MegaSecurity Notes
Server:
c:\WINDOWS\TEMP\server\server\ev0.exe
c:\WINDOWS\SYSTEM\wincmd.exe
size: 177 KB
port: 80 TCP
startup: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Author Words
-= ev0luti0n HTTP keylogger =-
._ _.
~ expl0it_shad0w ~
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
o0 - Table Of Contents - 0o
-= Section 1 =-
A> Introduction
B> Instructions
C> Trojan Removal
D> Contacting Me
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
-= Section 1,A =-
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Introduction

I wanted to make a keylogger with a difference. I don't think one has been made like this yet; if it has, let me know. This is a keylogger that records all the keystrokes to a file, and it allows you to view them just by typing the victim's IP address in Internet Explorer (or some other Internet browser).

NOTE: the keylogger sucks, so I'm working on a better one.
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
-= Section 1,B =-
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Instructions

Follow these instructions.

1> Rename "Server.exe" to whatever you want; make it convincing, not like "TROJAN.exe" or "KEYLOGGER.exe".
2> Send it to them and tell them it's a new hacking tool. NOTE: Try binding it with a real one, if you know how. (Once the victim opens it, it hides in memory and records all the keystrokes on the computer, so you can view them with an Internet browser like MSIE.)
3> Connect to their machine on port 80 with an Internet browser, as stated above. Type their IP address into it and just hit Enter. For example, if the victim's IP address was 127.0.0.1, you type in --/URL REDACTED BY SUB7CREW.ORG FOR YOUR SAFETY\-- or just 127.0.0.1.
4> have Phunn.
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
-= Section 1,C =-
-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-/-
Trojan Removal

Follow these simple instructions to remove ALL traces of the trojan.

1> Go inside the windows\system directory and remove all these files.

smsg.html - Online HTML file
wincmd.exe - The Trojan Itself
Msvbrt60.dll - A needed DLL
evlog.dat - Stored keystrokes

NOTE: If you cannot delete wincmd.exe, or any of the other files, just boot into MS-DOS and delete them there, using the Del command.

2> Open up your Registry Editor and remove the following entry.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Wincmd - it's a string.

3> That's it.
URLs and mails were automatically redacted (filtered) for the reader's safety. However, the filter is not perfect and can't find all harmful elements. If you find something dangerous, including a file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com. Thank you in advance.