Locked Atrax Botnet (Tor Hidden Service, untraceable)


Diabl0

Well, just posting it for educational purposes,

 

INFO:

Programming language: C (No C++!)

OS: Win XP - 8.1 (all x86/x64)

Admin rights required: No

Special: Tor Integration, spawns no process -> x64/x86 Process injection, this is the first public bot which supports windows 8!

File size: ~1,2 MB (because of Tor integration and x64/x86 Code), you can get a free assembler web downloader ~2KB

Why Tor?

The bot communicates only via Tor with your panel. With Tor you can get a really nice anonymous Botnet. It is almost impossible (well, theoretically it is possible, but Silkroad is still online, so don’t worry) to get your server IP and put your server down. You get a Tor onion domain and this domain cannot be blacklisted (lasts “forever”). So to sum up: If you don’t make any configuration mistakes, your botnet will probably last very long.

You need a VPS or a dedicated server to host this Tor botnet, because you need to set up a hidden service. Because of Tor the botnet is consuming more hardware resources than typical botnets. Probably it is not possible to get a 10 Dollar/year VPS and try to host over 1k victims.

 

Setting up hidden service instructions:

- https://www.torproje...service.html.en

- http://kendildonic.w...th-a-cheap-vps/

- A little manual to set it up on debian based linux systems is included

 

The bot consists of a core and various plugins/addons. Each plugin/addon costs some money. Every plugin also communicates over Tor.

(If somebody is interested in developing a plugin -> contact me)

 

Some features:

- Autostart, Persistence

- x86/x64 Code, x86/x64 Injection with Heaven's Gate technique

- Anti-Analyzer (Protection against e.g. anubis.iseclab.org, malwr.com)

- If you need: Anti-VM

- Anti-Debug/Anti-Hook Engine

- Doesn't use suspicious Windows APIs like GetProcAddress/GetModuleHandle

- Plugins are saved to disk with AES-128-CBC encryption (random key)

- Communication over Tor is already encrypted, so no extra communication encryption

- Every Plugin and the core is watermarked. Leak -> No updates/support. (Yes updates are free)

- Everything UNICODE

More Info On The Botnet's Features + Panel:


 

Enjoy Guys... :)

 

 

File Clean Analyzed by bxlcity

 

[spoiler=Analyze]Have only Panel

 


Edited by bxlcity
Analyze