.: Beast 2.01 (a) :.
By Tataye
::actions

Additional Details
- Coded by: Tataye
- Version: Beast 2.01 (a)
- Family: Beast
- Category: Remote Access
MegaSecurity Notes
Client: registry keys added: HKEY_CLASSES_ROOT\.bad HKEY_CLASSES_ROOT\.bst HKEY_CLASSES_ROOT\BeastFile HKEY_CLASSES_ROOT\BeastFile\DefaultIcon HKEY_CLASSES_ROOT\BeastFile\shell HKEY_CLASSES_ROOT\BeastFile\shell\open HKEY_CLASSES_ROOT\BeastFile\shell\open\command HKEY_CLASSES_ROOT\BeastFile1 HKEY_CLASSES_ROOT\BeastFile1\DefaultIcon HKEY_CLASSES_ROOT\BeastFile1\shell HKEY_CLASSES_ROOT\BeastFile1\shell\open HKEY_CLASSES_ROOT\BeastFile1\shell\open\command Server: dropped files: c:\WINDOWS\SVCHOST.EXE c:\WINDOWS\COMMAND\msocge.com c:\WINDOWS\SYSTEM\msqmqr.com size: 52.224 bytes port: 6666 TCP startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{44CC0112-AB51-22EF-BA32-20AA12E6115C} "StubPath" HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service" added: c:\WINDOWS\SYSTEM\qmqr.blf HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Control
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.