Tuesday, July 18, 2017

A look into HTTP botnets – Umbra Loader

Umbra Loader is a popular open-source HTTP botnet project, and version 1.1.1 was recently released by the developer, Slayer616.

Slayer616 publishes the programs he codes on his blog, including his Schwarze Sonne RAT (available on code.google.com) and Umbra Loader. Umbra Loader is popular because it is open source, has no dependencies (it is coded in Delphi), and is somewhat stable.

Umbra Loader-based botnets have been found in the wild; here is one that has been exposed.

Webroot's analysis of Umbra Loader.

Release Notes:

Changelog:
[Version 1.1.1]
– added Registry-Persistence
– added Melt
– fixed installation process
– tweaked MD5

HowTo build loader:
-Compile /Binary/prjLoader_XE2.dpr with Delphi XE2
-Copy /Binary/prjLoader_XE2.exe to /Builder/stub/stub.exe
-Compile /Builder/prjBuilder.dpr with Delphi XE2
-run prjBuilder.exe

HowTo setup panel:
-create new table in phpMyAdmin
-edit /Panel/Panel/inc/config.php
-upload /Panel/ to your webhost
-use /Panel/Panel/install.php to install database
-delete /Panel/Panel/install.php
-done!


About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
