blackRat

blackRat
(Backdoor.Win32.Agent.ev)
(Trojan-Dropper.Win32.Small.ph)
(not-a-virus:PSWTool.Win32.PassView.160)
(not-a-virus:PSWTool.Win32.PWDump.2)

by neonew

Released in October 2004





Server
Dropped File:
c:\WINDOWS\system32.exe
Size: 16,348 bytes 

Startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "IEExtension"
Data: C:\WINDOWS\system32.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "IEExtension"
Data: C:\WINDOWS\system32.exe 



Tested on Windows XP
May 27, 2008

MegaSecurity