AnnLoader
(Botnet) Link to the old Wiki page : [1] / Google search: [2]
AnnLoader | |
---|---|
Alias | |
Group | Downloading |
Parent | |
Sibling | |
Family | |
Relations | Variants: Sibling of: |
Target | Microsoft Windows |
Origin | |
Distribution vector | |
UserAgent | |
CCProtocol | HTTP (Centralized) |
Activity | / |
Status | |
Language | |
Programming language | |
Operation/Working group | |
Introduction
AnnLoader is a botnet/loader developed by Russians. It contains 4 modules:
1) ThiefX. Version: 1.3. A password grabber that retrieves passwords from 14 programs, including:
- Fxp (ftp)
- Total commander (ftp)
- Filezilla (ftp)
- Wsftp (ftp)
- Mozilla Firefox (including version 7) (web, forms)
- Opera (including the latest versions) (web, forms, ftp)
- CuteFTP (ftp)
- Qip2005 (icq)
- Qip2010 (icq, eml)
- QipInfium (icq, eml)
- The bat (eml)
- RDP (rdp)
- Google Chrome (web)
- Safari (web)
2) Substitution. Version: 1.0. It allows editing the victims' hosts file.
3) We can create a module that will be modifying the Webmoney purse id in the clipboard. Contact us on ICQ if interested.
4) MKL Keylogger. Version: 1.1. Dependable keylogger that can send logs over HTML/FTP.
Features