.: Beast 1.7 final (1) :.

By Tataye

Additional Details

  • Coded by: Tataye
  • Version: Beast 1.7 final (1)
  • Family: Beast
  • Category: Remote Access

MegaSecurity Notes

dropped files:
c:\WINNT\Help\msserv.chm     size: 176.161 bytes   (Backdoor.BeastDoor.17)
c:\WINNT\system32\kb.tlg     size: 348 bytes 
c:\WINNT\system32\mshost.exe size: 176.161 bytes   (Backdoor.BeastDoor.17)
c:\WINNT\system32\nipaa.exe  size: 167.439 bytes   (Backdoor.BeastDoor.17)

port: 666 TCP

added to registry:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_DriveFlags
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_GFA
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_GVI
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NIPADAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIPAdAn\Enum
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIPAdAn\Security
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NIPADAN\0000\Control
HHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIPAdAn\Enum
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIPAdAn\Security 

tested on Win2000

URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.