Wednesday, 1 February 2012

Andromeda Bot

English translation by @Sherb1n

Coder - Waahoo - Adv on Private Forum


This versatile modular bot can be used as the foundation for a botnet with an endless variety of possibilities. The bot’s functionality can be expanded through a system of plugins, any number of which can be added at any time.

Supports an unlimited number of reserve domains.

The data exchange protocol between the bot and the admin server is RC4-encrypted.

You can reconfigure your botnet to your needs at any time, by yourself.

Doesn’t overload the system, doesn’t require admin rights to install, doesn’t trigger a UAC pop-up.

The bot protects itself, so an unskilled user will not be able to remove it from the system.

Bypasses firewalls, doesn’t appear in the list of processes, injects into a trusted process.

Doesn’t produce any DLLs, doesn’t contain TLS, easy to encrypt.

Regardless of how successful the installation is, the original executable is deleted.

Works on WinXP through Win7, including x64 systems.

Very lightweight, written entirely in Assembler.

There are two versions of this bot:

01.* public inject-based, uses QueueUserAPC
02.* bypass-based; this version, unlike the one above, can get through proactive defense.

Written in PHP, bundled with MySQL.
Detects bots behind the NAT.
Keeps botnet stats: # of bots online/offline/dead, breakdown by country, breakdown by platform.
Keeps track of the number of finished/unfinished tasks.
Can set a limit on the number of times the task will be executed.
Can assign tasks to individual bots.
Assign tasks based on the bots’ countries.
Clear all stats/delete all dead bots from the DB.

Admin panel screenshots:

Price list:

01.* - $200
02.* - not for sale at the moment.
Rebuild for a new URL (main URL) - $10
For each additional reserve URL - $10

We accept:

Liberty Reserve (preferred)
