Difference between revisions of "Atrax"
Jump to navigation
Jump to search
m (Text replacement - "OS1=" to "Target=") |
m (Text replacement - "TOR" to "Tor") |
||
| Line 7: | Line 7: | ||
* dlexec – download and execute file | * dlexec – download and execute file | ||
* dlrunmem – download file and inject it to browser | * dlrunmem – download file and inject it to browser | ||
* dltorexec – download | * dltorexec – download Tor executable file and execute | ||
* dltorrunmem – download | * dltorrunmem – download Tor executable file inject it to browser | ||
* update – update itself | * update – update itself | ||
* install – download file, encrypt with AES and save to %APPDATA% | * install – download file, encrypt with AES and save to %APPDATA% | ||
* installexec – download file, encrypt with AES and save to %APPDATA% and execute afterward | * installexec – download file, encrypt with AES and save to %APPDATA% and execute afterward | ||
* kill – terminate all own threads | * kill – terminate all own threads | ||
|Infrastructure=* On | |Infrastructure=* On Tor (found by ESET): iloii7dnyotii3gr.onion (/auth.php) | ||
|UserAgent=Unknown | |UserAgent=Unknown | ||
|CCProtocol= | |CCProtocol=Tor | ||
|Target=Microsoft Windows | |Target=Microsoft Windows | ||
|Etat=Unknown | |Etat=Unknown | ||
Revision as of 18:19, 3 August 2015
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
| Atrax | |
|---|---|
| Alias | |
| Group | Stealing |
| Parent | |
| Sibling | |
| Family | |
| Relations | Variants: Sibling of: |
| Target | Microsoft Windows |
| Origin | |
| Distribution vector | |
| UserAgent | Unknown |
| CCProtocol | Tor (Distributed-centralized) |
| Activity | 2013 / Unknown |
| Status | |
| Language | |
| Programming language | |
| Operation/Working group | |
Introduction
Features
Associated images
Checksums / AV databases
Publications
| Author | Editor | Year | |
|---|---|---|---|
| The rise of TOR-based botnets | Aleksandr Matrosov | ESET | 2013 |