Beast 2.07
(Backdoor.Win32.Beastdoor.205 for Client)
(Backdoor.Win32.Beastdoor.206.d for Server)

by Tataye

Written in Delphi

Released in August 2004

Made in Rumania


Beast 2.07 - Remote Administration Tool (AKA trojan)

- coded by tataye

Before using this program it is STRONGLY RECOMMENDED to read
the help within the executable (BeastStuff/Help).

What's new:

   - keylog emailer
   - smart keylogger
   - live keylogger
   - full skin support
   - editable SMTP addresses
   - Trillian passwords support
   - Fun (Restrictions, CrazyMouse)
   - smaller binder stub (5KB)
   - more GUI options
   - editable start-up keys
   - remote Screen right click
   - FileManager (queue downloads, column sorting, cancel downloads etc.)
   - remote screen right click
   - better port handling (not all ports open)
   - etc.


Fixes/improvements:

   - password finder works with injection
   - time functions (delay execution, user time etc.)
   - email notification
   - ICQ notification
   - SIN errors
   - binder
   - security hole
   - more stability for both client and server
   - closing the FileManager while downloading/uploading
   - and many more


Important:
   - Beast 2.07 isn't compatible with the previous versions
   - only 1 Beast server is allowed on a machine, no matter what version
   - if the reverse connection is enabled then SIN is automatically enabled (and vice versa)
   - SIN can be used ONLY with reverse connection

 
Tataye   


Server:
dropped files:
c:\WINDOWS\COMMAND.PIF         size: 967 bytes 
c:\WINDOWS\svchost.exe         size: 30.869 bytes 
c:\WINDOWS\COMMAND\msroem.com  size: 30.869 bytes 
c:\WINDOWS\SYSTEM\mslg.blf     size: 227 bytes 
c:\WINDOWS\SYSTEM\msludr.com   size: 30.869 bytes 

port: 6666 TCP

startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "COM Service"
data: C:\WINDOWS\COMMAND\msroem.com 

HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D} "StubPath"
data: C:\WINDOWS\SYSTEM\msludr.com 

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "COM Service"
data: C:\WINDOWS\COMMAND\msroem.com 


MegaSecurity