Ardbot [x86/x64]

Forum for analysis and discussion about malware.

Ardbot [x86/x64]

Postby R136a1 » Tue Dec 15, 2015 12:36 pm

Hi folks,

I first discovered this bot a few months ago. It seems to be a work in progress, because the bot and loader are full of debug strings. Currently, it constantly crashes explorer.exe after the injection process on all Windows versions up to Windows 10. Might be interesting anyway for future research, since it looks like a bigger project...

The earlier version only consists of a dropper for the x86 and x86-64 payloads; later versions also come with a loader. At the moment, it is not classified by any AV software.

August sample:
Dropper
https://www.virustotal.com/en/file/e207 ... /analysis/

November samples:
Loader
https://www.virustotal.com/en/file/2cbb ... /analysis/
https://www.virustotal.com/en/file/72cd ... /analysis/
https://www.virustotal.com/en/file/599b ... /analysis/
Dropper
https://www.virustotal.com/en/file/e356 ... /analysis/
R136a1
 
Posts: 215
Joined: Wed Jul 13, 2011 4:30 pm
Location: Germany
Reputation point: 136

Re: Ardbot [x86/x64]

Postby p4r4n0id » Mon Dec 21, 2015 2:48 pm

Hi,

A short analysis of Ardbot - http://breakingmalware.com/malware/ardb ... struction/

R136a1 - we gave you the credit :)

Cool find!

p4r4n0id
Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/
p4r4n0id
 
Posts: 126
Joined: Thu Sep 22, 2011 11:36 am
Location: Israel
Reputation point: 30

