Beast 1.8
(Backdoor.Win32.Beastdoor.18 for Server)
(Backdoor.Win32.Beastdoor.18.c for Client)

by Tataye

See Ulysses

Written in Delphi, compressed with ASPack

Released in November 2002

Made in Rumania

more versions


Beast 1.8 - Remote Administration Tool

The server and the client are embedded in one exe - a trojan pack.
When running the exe you'll notice there are two options - Run Client or Build Server.
If you choose the building option, you will be prompt to configure the server and
afterwards the server is extracted with your settings.

SERVER FEATURES:

- set the listening port
- set the password for connection
- set the name
- choose an icon (there are few built-in icons or you can select another
  from specific files - exe, ico, dll)
- the server can't be edited after extraction
- good startup methods (these can't be selected)
- option for melting the server
- option for Firewall & AV killing
- set ICQ notification
- set mail notification
- hotkeys: if testing server on your own computer you can stop it until next boot
  with CTRL-ALT-SHIFT-DOWN and kill it with CTRL-ALT-SHIFT-TAB
- size ~193K (not bad for a delphi app)
- only one port opened for all downloadz, uploadz, commands

CLIENT FEATURES:

- file manager: download, upload, erase all files etc.
- windows optionz: poweroff, shutdown, reboot, logoff, hide all appz, close all appz
- app manager
- process manager
- get log: all the keys and opened windows are stored in an ecrypted file
- message box
- clipboard
- update server
- fun stuff: enable-disable taskbar etc.

COMMENTS:

The single server support for 9x boxes is to be hidden on CTRL-ALT-DEL.
In the near future I'll take it away, cause there are only a few outdated machines.
On NT (XP) is no method for getting passwordz (RAS, cached, AIM), so I didn't
put it only for 9x. For the next version I have to code a registry manager and
a remote desktop.

Tataye


Client:
size: 640.512 bytes



Servers:
c:\WINDOWS\SYSTEM\mshost.exe
size: 176.161 bytes 

c:\WINDOWS\SYSTEM\shell32.com 
C:\WINDOWS\SYSTEM\Com\comsv.com 
size: 196.647 bytes 

port: 666 TCP

startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{AS096941-B967-10D8-9CBD-1671028A369E} "StubPath" 
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)" 

MegaSecurity