Usr6

SkyNet - TOR botnet - analiza + sample

[Figure: geographical location of the attacking hosts]

The malware sample we retrieved from Usenet has an unusually large size (almost 15MB).

The core code base composes a very simple Tor-enabled IRC bot which incorporates DDoS and a few other capabilities. A large part of the binary appears to be junk data, possibly to better disguise it as a legitimate download. It also empowers several obfuscation routines to twist detection.

The malware comes along with 4 additional embedded resources:

  • A ZeuS bot.
  • The Tor client for Windows.
  • The CGMiner bitcoin mining tool.
  • A copy of OpenCL.dll, used by CGMiner for CPU and GPU hash cracking.

Analysis: https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit

Sample: Download Coldplay-Live_2012-2012-BriBerY.rar from Sendspace.com - send big files the easy way (download only for analysis; if needed, I have a few more samples)

Password: rst
