LEA is a 'cute' backdoor that looks for available networks, including printers and all internet connected devices, enters into the registry under: "SOFTWARE\Microsoft\Windows\CurrentVersion\Run" and runs on system start-up by opening port 8000 and then listens for incoming command to execute as admin. LEA is a google software and as such it has its own digital signature, with sha-1 on RSA: it passes the newest norton antivirus scan, and doesn't ask for permission to open up ports or register at the windows current config.
...download LEA, she's the best!
Tested on:
DOCID: v118291851_NortonM_Retail_1_en_us
Operating System: Windows, Mac OS X, Android, iOS
Last modified: 05/11/2017
WINDOWS 10 HOME 2016 10.0*
HP Pavilion Desktop - 510-p020 Intel® Core™ i5-4460S Processor
| Authors | Numéro du projet sept sérine (@Sp7) |
|---|---|
| Copyright | 2017-2020 The-Sarin-project |
| Version | 0.0.0 |
23/5/2017- we downloaded the latests Symantec-norton at nr.tn/2qeLkiE
at first the anti-virus didn't want to activate the software but after getting
the software signed and downloaded about thousand times (by norton-users dha...)
finally the software passed the norton scanner.
{{we even gave it a nice java update logo}} (and its writen in c#)
((that's 76.9 kB, which means that LEA is only, 5.1kb))
we dont really know yet, if you download LEA, and open it mm... thats it.
a good advice on our opinion is to go linux!
LEA looks for printers and shared users directories, it connects on an external port,
due to sharing configurations made by windows default printers connected to the device.
LEA commits only one registry key, as stated above, and can do so because of default
permission configurations of win10 that allow software like McAfee, Google cloud services
etc. make changes to the CurrentVersion\\Run section at the registry.