ARAB RAT 1.0

ARAB RAT 1.0
(Trojan-Downloader.Win32.VB.ee)
(Trojan.Win32.Madtol.a for Aroot.exe)
(Trojan.Win32.Madtol.a for iexplore.dll)
(Trojan.Win32.Madtol.j for explorer.dll)
(Trojan.BAT.Netstop.a for Kernel.bat)
(Trojan-Dropper.Win32.Mudrop.mu for Server)

by QwEErz

Written in Visual Basic

Released in March 2006




Server:
dropped files:
c:\WINDOWS\arar.exe                 Size: 139,264 bytes 
c:\WINDOWS\system32\Aroot.exe       Size: 71,292 bytes 
c:\WINDOWS\system32\explorer.dll    Size: 88,576 bytes 
c:\WINDOWS\system32\iexplore.dll    Size: 82,944 bytes 
c:\WINDOWS\system32\jpg.dll         Size: 53,248 bytes 
c:\WINDOWS\system32\Kernel.bat      Size: 7,552 bytes 

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Aroot.exe"
data: C:\WINDOWS\System32\Aroot.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows Logon Application"
data: C:\WINDOWS\Csrss.exe 
	
	

tested on Windows XP
December 07, 2006

MegaSecurity