Diabl0 Posted November 11, 2015 Share Posted November 11, 2015 (edited) Well, just posting it for educational purposes, INFO: Programming language: C (No C++!) OS: Win XP - 8.1 (all x86/x64) Admin rights required: No Special: Tor Integration, spawns no process -> x64/x86 Process injection, this is the first public bot which supports windows 8! File size: ~1,2 MB (because of Tor integration and x64/x86 Code), you can get a free assembler web downloader ~2KB Why Tor? The bot communicates only via Tor with your panel. With Tor you can get a really nice anonymous Botnet. It is almost impossible (well, theoretically it is possible, but Silkroad is still online, so don’t worry) to get your server ip and put your server down. You get a Tor onion domain and this domain cannot be blacklisted (lasts “forever”). So to sum up: If you don’t do any configuration mistakes, your botnet will probably last very long. You need a VPS or a dedicated server to host this tor botnet, because you need to set up a hidden service. Because of tor the botnet is consuming more hardware resources than typical botnets. Probably it is not possible to get a 10 Dollar/year VPS and trying to host over 1k victims. Setting up hidden service instructions: - https://www.torproje...service.html.en - http://kendildonic.w...th-a-cheap-vps/ - A little manual to set it up on debian based linux systems is included The bot consist of a core and various plugins/addons. Each plugin/addon costs some money. Every plugin also communicates over tor. (If somebody is interested in developing a plugin -> contact me) Some features: - Autostart, Persistence - x86/x64 Code, x86/x64 Injection with Heavens Gate technique - Anti-Analyzer (Protection against e.g. anubis.iseclab.org, malwr.com) - If you need: Anti-VM - Anti-Debug/Anti-Hook Engine - Doesn't use suspicious windows apis like GetProcAddress/GetModuleHandle - Plugins are saved to disk with AES-128-CBC encryption (random key) - Communication over tor is already encrypted, so no extra communication encryption - Every Plugin and the core is watermarked. Leak -> No updates/support. (Yes updates are free) - Everything UNICODE More Info On The Botnet's Features + Panel: [HIDE-THANKS] This is the hidden content, please Sign In or Sign Up [/HIDE-THANKS] IMAGE: This is the hidden content, please Sign In or Sign Up Download Link: [HIDE-THANKS] This is the hidden content, please Sign In or Sign Up [/HIDE-THANKS] Enjoy Guys... :) File Clean Analyzed by bxlcity [spoiler=Analyze]Have only Panel This is the hidden content, please Sign In or Sign Up Edited November 11, 2015 by bxlcity Analyze Link to comment Share on other sites More sharing options...
byPassWd Posted November 11, 2015 Share Posted November 11, 2015 Re: Atrax Botnet (Tor Hidden Service, untraceable) Included no Builder bot, you can get it? or uses google.com ?:p Link to comment Share on other sites More sharing options...
Spoofer Posted November 11, 2015 Share Posted November 11, 2015 Re: Atrax Botnet (Tor Hidden Service, untraceable) Included no Builder bot, you can get it? or uses google.com ?:p No ! have only panel ! you can get Builder on GooGle ... ! Link to comment Share on other sites More sharing options...
comrade Posted April 26, 2016 Share Posted April 26, 2016 Re: Atrax Botnet (Tor Hidden Service, untraceable) Above links are corrupted i think. https://www.torproje...service.html.en/ http://kendildonic.w...th-a-cheap-vps/ True Links: This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
jikjik Posted April 28, 2016 Share Posted April 28, 2016 Re: Atrax Botnet (Tor Hidden Service, untraceable) Above links are corrupted i think. This is the hidden content, please Sign In or Sign Up kendildonic.wordpress.com is no longer available. The authors have deleted this site. fix url :) This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
muha Posted May 12, 2016 Share Posted May 12, 2016 Re: Atrax Botnet (Tor Hidden Service, untraceable) it is vulnerable. proofs and This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Antonio24 Posted January 19, 2017 Share Posted January 19, 2017 Re: Atrax Botnet (Tor Hidden Service, untraceable) mant thx for this interesting Link to comment Share on other sites More sharing options...
Recommended Posts