Beast 1.8 (November 13, 2002)
(Backdoor.Win32.Beastdoor.330)

by Tataye

Written in Delphi, compressed with ASPack

Released in November 2002

Made in Rumania



Beast 1.8 - Remote Administration Tool

The server and the client are embedded in one exe - a trojan pack.
When running the exe you'll notice there are two options - Run Client or Build Server.
If you choose the building option, you will be prompted to configure the server and
afterwards the server is extracted with your settings.

SERVER FEATURES:

- set the listening port
- set the password for connection
- set the name
- choose an icon (there are few built-in icons or you can select another
  from specific files - exe, ico, dll)
- the server can't be edited after extraction
- good startup methods (these can't be selected)
- option for melting the server
- option for Firewall & AV killing
- set ICQ notification
- set mail notification
- hotkeys: if testing server on your own computer you can stop it until next boot
  with CTRL-ALT-SHIFT-DOWN and kill it with CTRL-ALT-SHIFT-TAB
- size ~193K (not bad for a delphi app)
- only one port opened for all downloadz, uploadz, commands

CLIENT FEATURES:

- file manager: download, upload, erase all files etc.
- windows optionz: poweroff, shutdown, reboot, logoff, hide all appz, close all appz
- app manager
- process manager
- get log: all the keys and opened windows are stored in an encrypted file
- message box
- clipboard
- update server
- fun stuff: enable-disable taskbar etc.

COMMENTS:

The single server support for 9x boxes is to be hidden on CTRL-ALT-DEL.
In the near future I'll take it away, cause there are only a few outdated machines.
On NT (XP) there is no method for getting passwordz (RAS, cached, AIM), so I didn't
put it only for 9x. For the next version I have to code a registry manager and
a remote desktop.

Tataye


Client:
size: 640.512 bytes



Server:
dropped files:
c:\WINDOWS\system32\kb.tlg         size: 292 bytes 
c:\WINDOWS\system32\mshost.exe     size: 197.672 bytes 
c:\WINDOWS\system32\shell32.com    size: 197.672 bytes 
c:\WINDOWS\system32\Com\comsv.com  size: 197.672 bytes 

port: 666 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{AS096941-B967-10D8-9CBD-1671028A369E} "StubPath"
data: C:\WINDOWS\System32\Com\comsv.com 
	
HKEY_CLASSES_ROOT\exefile\shell\open\command "(Default)"
old data: "%1" %* 
new data: shell32.com "%1" %* 


tested on Windows XP
December 27, 2004

MegaSecurity