Nuclear Bot

Postby tildedennis » Mon Dec 19, 2016 8:14 pm

dropper: https://www.virustotal.com/en/file/ff83 ... /analysis/
main: https://www.virustotal.com/en/file/25a3 ... /analysis/
mitb: https://www.virustotal.com/en/file/53af ... /analysis/

c2:
hxxp://85.69.197.19/PanelDark/client.php


components attached, likely test/development samples.
tildedennis
 
Posts: 32
Joined: Mon Jun 17, 2013 7:57 pm
Reputation point: 17

Re: Nuclear Bot

Postby Peuk420 » Fri Feb 10, 2017 5:24 pm

What to do with this?
Peuk420
 
Posts: 1
Joined: Tue Jan 31, 2017 7:30 pm
Reputation point: 0

Re: Nuclear Bot

Postby TheExecuter » Mon Feb 13, 2017 9:45 am

The main file shouldn't execute properly.
RtlAdjustPrivilege's 4th param is null. It'll crash with an access violation.
How'd you extract the DLLs?
TheExecuter
 
Posts: 25
Joined: Sat Aug 10, 2013 5:02 pm
Reputation point: 0

Re: Nuclear Bot

Postby tildedennis » Tue Feb 14, 2017 4:11 pm

Statically. They're stored compressed in the dropper and can be carved out and RtlDecompressBuffer'd.
tildedennis
 
Posts: 32
Joined: Mon Jun 17, 2013 7:57 pm
Reputation point: 17
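tildedennis's reply above describes carving the compressed DLLs out of the dropper and inflating them with RtlDecompressBuffer. The following is an added example, not code from the thread: a pure-Python decompressor for LZNT1 (the format usually handed to RtlDecompressBuffer as COMPRESSION_FORMAT_LZNT1), so a carved blob can be unpacked on a non-Windows analysis box. It assumes the dropper used LZNT1, which the post does not state, and the sample buffer is constructed here rather than taken from the malware.

```python
import struct

COMPRESSED = 0x8000  # header bit set when a (<=4 KiB) chunk body is LZ-compressed


def _decompress_chunk(chunk: bytes) -> bytearray:
    """Inflate one LZNT1 chunk body (a flag byte then up to 8 tokens, repeated)."""
    out, i = bytearray(), 0
    while i < len(chunk):
        flags, i = chunk[i], i + 1
        for bit in range(8):
            if i >= len(chunk):
                break
            if not (flags >> bit) & 1:  # flag bit 0: copy one literal byte
                out.append(chunk[i])
                i += 1
                continue
            token, i = struct.unpack_from("<H", chunk, i)[0], i + 2  # flag bit 1: back-reference
            # Displacement field widens (length field narrows) as chunk output grows.
            pos, l_mask, o_shift = len(out) - 1, 0xFFF, 12
            while pos >= 0x10:
                l_mask, o_shift, pos = l_mask >> 1, o_shift - 1, pos >> 1
            length, offset = (token & l_mask) + 3, (token >> o_shift) + 1
            if offset > len(out):
                raise ValueError("back-reference points before start of chunk")
            for _ in range(length):  # byte-wise copy so overlapping runs repeat correctly
                out.append(out[-offset])
    return out


def lznt1_decompress(data: bytes) -> bytes:
    """Pure-Python equivalent of RtlDecompressBuffer(COMPRESSION_FORMAT_LZNT1, ...)."""
    out, i = bytearray(), 0
    while i + 2 <= len(data):
        hdr, i = struct.unpack_from("<H", data, i)[0], i + 2
        if hdr == 0:  # a zero header terminates the stream
            break
        size = (hdr & 0xFFF) + 1  # low 12 bits: chunk body size minus one
        body, i = data[i:i + size], i + size
        out += _decompress_chunk(body) if hdr & COMPRESSED else body
    return bytes(out)


# Constructed sample (not a real Nuclear Bot blob): one compressed chunk holding "MZ"
# followed by a back-reference (offset 2, length 10), then one stored chunk "abc".
SAMPLE = b"\x04\xB0\x04MZ\x07\x10" + b"\x02\x30abc"

if __name__ == "__main__":
    print(lznt1_decompress(SAMPLE))  # b'MZMZMZMZMZMZabc'
```

Run it over each carved region and check that the output starts with an MZ header before treating it as a recovered DLL.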
