.: Genie 1.3 :.
Released 15 years, 8 months ago. Feb 2006By prncipia
- Coded by: prncipia
- Version: Genie 1.3
- Release date: Feb 2006 (15 years, 8 months ago).
- Family: Genie
- Category: Remote Access
Server:
- Dropped files: c:\WINDOWS\cprog.exe (size: 15,998 bytes); c:\WINDOWS\system32\regmont.exe (size: 15,998 bytes)
- Startup: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "Run" data: C:\WINDOWS\cprog.exe; HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "RegMon" data: C:\WINDOWS\System32\regmont.exe
- Tested on Windows XP, March 12, 2006
Genie is a simple Telnet backdoor program.
- When Gene.exe is executed, it opens port 1179.
- Creates a copy of itself as %System%\regmont.exe and %windir%\cprog.exe.
- Adds the following values in the registry to be executed each time Windows starts:
  "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run" "RegMon" = "%System%\regmont.exe"
  "HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows" "Run" = "%windir%\cprog.exe"

Genie commands:
- Lock: locks Taskman and registry editors (win2k/xp)
- UnLock: unlocks Taskman and registry editors (win2k/xp)
- Reset: reboots Windows.
- Exit: closes the current connection.
- Vshutdown: shuts down the virus.

Now, to connect to the remote host you have to type Telnet "targets_ip" 1179, then type "hello" to activate the program. The last step is that it asks you for the password; the default password is "katerina". That's it.
prncipia