by Tataye
See Ulysses
Written in Delphi, compressed with ASPack
Released in December 2002
Made in Rumania
Beast 1.90 - Remote Administration Tool (AKA trojan)
_________________________________________
1. INTRODUCTION
The server, the client and the server editor are embedded in one exe - a trojan pack.
When you choose to build the server, you will be prompt to configure the server and
afterwards it'll be extracted with your settings.
Package size: 524k.
_________________________________________
2. SERVER FEATURES:
- set the listening port
- set the password for connection
- set the name
- choose an icon (there are few built-in icons or you can select ANY icon from
specific files - exe, ico, dll)
- the server can't be edited after extraction
- 2 startup methods (if you choose the 'continuous' method the server will be launched
everytime an exe is ran; this method has an side effect, the computer can't be restarted
or shuted down from the start button - this isn't a programming bug, but i'll try to
bypass this annoying thing on the next version)
- option for melting the server on the first run
- option for keylloger
- option for Firewall & AV killing (over 300 AV-FW are killed)
- set ICQ notification
- set mail notification
- option for hotkeys: if enabling this option you can stop the server with
CTRL-ALT-SHIFT-DOWN and kill it with CTRL-ALT-SHIFT-TAB (this could be useful when
testing the server or your own computer)
- size: ~31K
- only one port opened for all downloadz, uploadz, commands
- stability: 100% (you can try to crash the server and if you succeed please let me know)
- server memory usage: 200-500k (could be sometime a little greater, but for short period)
_________________________________________
3. CLIENT FEATURES:
- file manager: download, upload, erase all files (beginning with the last drive ;-)) etc.
- windows optionz: poweroff, shutdown, reboot, logoff, hide all appz, close all appz
- app manager: view/kill visible appz
- process manager: you can kill any NT service
- registry manager: view, add, remove keys (values)
- get log: all the keys and opened windows are trapped and stored in an encrypted file
- message box: send messages to the server
- clipboard: view & set clipboard text
- update server
- fun stuff: enable-disable taskbar etc.
etc.
_________________________________________
4. COMMENTS:
The single server support for 9x boxes is to be hidden on CTRL-ALT-DEL.
In the near future I'll take it away, cause there are only a few outdated machines.
The trojan was tested on Windoze 98, 2k and, especially, XP. The server is running well
on all the mentioned systems, but XP is preferred.
On NT (XP) is no method for getting passwordz (RAS, cached, AIM), so I didn't
put it only for 9x. For the next version I'll try to add a remote desktop feature.
I know this is a must, but will be done only if I'll found a reliable method wich won't
increase the server size too much.
Tataye
Servers:
c:\WINDOWS\SYSTEM\COM\csvc.com
c:\WINDOWS\SYSTEM\mshost.exe
size: 31.779 bytes
port: 666 TCP
startup:
HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\{AP042907-B967-10D8-9CBD-2672810A369E} "StubPath"
added:
c:\WINDOWS\SYSTEM\lg.ttl
MegaSecurity