Umbra Loader is a popular HTTP botnet open source project, and version 1.1.1 has been released recently by the developer, Slayer616.
Slayer616 publishes the programs he writes on his blog, including his Schwarze Sonne RAT (available on code.google.com) and Umbra Loader. Umbra Loader is popular because it is open source, has no dependencies (it is coded in Delphi), and is somewhat stable.
Umbra Loader based botnets have been found in the wild; here is one that has been exposed.
Webroot's analysis of Umbra Loader.
Release Notes:
Changelog:
[Version 1.1.1]
– added Registry-Persistence
– added Melt
– fixed installation process
– tweaked MD5
HowTo build loader:
-Compile /Binary/prjLoader_XE2.dpr with Delphi XE2
-Copy /Binary/prjLoader_XE2.exe to /Builder/stub/stub.exe
-Compile /Builder/prjBuilder.dpr with Delphi XE2
-run prjBuilder.exe
HowTo setup panel:
-create new table in phpMyAdmin
-edit /Panel/Panel/inc/config.php
-upload /Panel/ to your webhost
-use /Panel/Panel/install.php to install database
-delete /Panel/Panel/install.php
-done!
Pictures of the web panel:
builder: