AnnLoader

From Botnets.fr

(Botnet)

AnnLoader
Alias:
Group: Downloading
Parent:
Sibling:
Family:
Relations:
  Variants:
  Sibling of:
  Parent of:
  Distribution of:
  Campaigns:
Target: Microsoft Windows
Origin:
Distribution vector:
UserAgent:
CCProtocol: HTTP (Centralized)
Activity: /
Status:
Language:
Programming language:
Operation/Working group:

Introduction

AnnLoader is a botnet/loader developed by Russians. It contains 4 modules:

1) ThiefX. Version: 1.3. A password grabber that recovers passwords from 14 programs, including:

  • Fxp (ftp)
  • Total commander (ftp)
  • Filezilla (ftp)
  • Wsftp (ftp)
  • Mozilla Firefox (including version 7) (web, forms)
  • Opera (including the latest versions) (web, forms, ftp)
  • CuteFTP (ftp)
  • Qip2005 (icq)
  • Qip2010 (icq, eml)
  • QipInfium (icq, eml)
  • The bat (eml)
  • RDP (rdp)
  • Google Chrome (web)
  • Safari (web)

2) Substitution. Version: 1.0. Allows editing the victims' hosts file.

3) We can create a module that will be modifying the Webmoney purse id in the clipboard. Contact us on ICQ if interested.

4) MKL Keylogger. Version: 1.1. Dependable keylogger that can send logs via HTML/FTP.

Features


Associated images

Checksums / AV databases

Publications