Gh0st RAT 2.8

Gh0st RAT 2.8 Beta
(not-a-virus:Porn-Dialer.Win32.Agent.cs)
(Trojan.Win32.Dialer.aql for Server)
(Trojan.Win32.Dialer.aqm for 6to4ex.dll)

by C.Rufus Security Team

Released in March 2008

Made in China

more versions


Server
Dropped File:
c:\WINDOWS\system32\6to4ex.dll
Size: 97,792 bytes  

Added to Registry:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\6to4\Parameters
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\HTTP\Parameters\S
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4\Parameters




Tested on Windows XP
May 19, 2008

MegaSecurity