.: Beast 1.7 final (1) :.
By Tataye
::actions
Additional Details
- Coded by: Tataye
- Version: Beast 1.7 final (1)
- Family: Beast
- Category: Remote Access
MegaSecurity Notes
dropped files: c:\WINNT\Help\msserv.chm size: 176.161 bytes (Backdoor.BeastDoor.17) c:\WINNT\system32\kb.tlg size: 348 bytes c:\WINNT\system32\mshost.exe size: 176.161 bytes (Backdoor.BeastDoor.17) c:\WINNT\system32\nipaa.exe size: 167.439 bytes (Backdoor.BeastDoor.17) port: 666 TCP added to registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_DriveFlags HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_GFA HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints\C\_GVI HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_NIPADAN\0000\Control HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIPAdAn\Enum HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NIPAdAn\Security HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_NIPADAN\0000\Control HHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIPAdAn\Enum HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NIPAdAn\Security tested on Win2000
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.