Difference between revisions of "Atrax"

From Botnets.fr
Jump to navigation Jump to search
m (1 revision imported)
m (Text replacement - "=Unknown" to "=")
 
(8 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Botnet
{{Botnet
|Target=Microsoft Windows
|UserAgent=
|CCProtocol=Tor
|Checksum=a7da414a5033cd3178fa5dc2cd52017e5e658b98, 5bcb59b0025ba397d30938d16bc6904475bb3f89, 16b7b43625ccba34f67258fa1c4b8017e8d0e747,
|BeginYear=2013
|EndYear=
|Group=Stealing
|Fonctionnalités=* [[feature::Virtual machine detection]]
|Fonctionnalités=* [[feature::Virtual machine detection]]
* [[feature::Debugging detection]]
* [[feature::Debugging detection]]
Line 7: Line 14:
* dlexec – download and execute file
* dlexec – download and execute file
* dlrunmem – download file and inject it to browser
* dlrunmem – download file and inject it to browser
* dltorexec – download TOR executable file and execute
* dltorexec – download Tor executable file and execute
* dltorrunmem – download TOR executable file inject it to browser
* dltorrunmem – download Tor executable file inject it to browser
* update – update itself
* update – update itself
* install – download file, encrypt with AES and save to %APPDATA%
* install – download file, encrypt with AES and save to %APPDATA%
* installexec – download file, encrypt with AES and save to %APPDATA% and execute afterward
* installexec – download file, encrypt with AES and save to %APPDATA% and execute afterward
* kill – terminate all own threads
* kill – terminate all own threads
|Infrastructure=* On TOR (found by ESET): iloii7dnyotii3gr.onion (/auth.php)
|Infrastructure=* On Tor (found by ESET): iloii7dnyotii3gr.onion (/auth.php)
|UserAgent=Inconnu
|Etat=
|CC1=TOR
|OS1=Microsoft Windows
|Etat=Inconnu
|AnnéeDébut=2013
|AnnéeFin=Inconnu
|Groupe=Stealing
|Victime4=
|Victime4=
}}
}}

Latest revision as of 15:46, 8 August 2015

(Botnet) Link to the old Wiki page : [1] / Google search: [2]

Atrax
Alias
Group Stealing
Parent
Sibling
Family
Relations Variants:

Sibling of:
Parent of:
Distribution of:
Campaigns:

Target Microsoft Windows
Origin
Distribution vector
UserAgent
CCProtocol Tor (Distributed-centralized)
Activity 2013 /
Status
Language
Programming language
Operation/Working group

Introduction

Features

Associated images

Checksums / AV databases

  • a7da414a5033cd3178fa5dc2cd52017e5e658b98 | Virustotal
  • 5bcb59b0025ba397d30938d16bc6904475bb3f89 | Virustotal
  • 16b7b43625ccba34f67258fa1c4b8017e8d0e747 | Virustotal




Publications

 AuthorEditorYear
The rise of TOR-based botnetsAleksandr MatrosovESET2013
Retrieved from "https://www.botnets.fr/index.php?title=Atrax&oldid=12330"