.: Beast 2.07 :.
By Tataye
::actions
Additional Details
- Coded by: Tataye
- Version: Beast 2.07
- Family: Beast
- Category: Remote Access
MegaSecurity Notes
Server:
dropped files:
c:\WINDOWS\COMMAND.PIF size: 967 bytes
c:\WINDOWS\svchost.exe size: 30.869 bytes
c:\WINDOWS\COMMAND\msroem.com size: 30.869 bytes
c:\WINDOWS\SYSTEM\mslg.blf size: 227 bytes
c:\WINDOWS\SYSTEM\msludr.com size: 30.869 bytes
port: 6666 TCP
startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "COM Service"
data: C:\WINDOWS\COMMAND\msroem.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D} "StubPath"
data: C:\WINDOWS\SYSTEM\msludr.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service"
data: C:\WINDOWS\COMMAND\msroem.com
URL's and mails were automatically redacted (filtered) for reader's safety. However the filter is not perfect and can't find all harmful elements. If you find something dangerous including file link, website, mail address, profanity... contact me immediately at sub7crew@protonmail.com, thank you in advance.