I have two samples of the new 1.5 version of betabot.
--------------------------------------------------------------------------------------------------------------------------------
Beta Bot - New Features and Additions
--------------------------------------------------------------------------------------------------------------------------------
Highlights of the Update
File size is less than 140kb
Crypter Compatibility drastically increased
Full Chrome Support - The DNS Redirector and the Form Grabber now fully support Google Chrome.
64-Bit Userkit - Beta Bot's Userkit, or Ring-3 Rootkit, which previously only supported 32-Bit Machines, has been updated to support 64-Bit Machines as well.
POP3 Grabber - The POP3 Grabber delivers E-Mail login credentials as your bots log in over the network, in real time.
File Search - Search your bot's systems for specific keywords and filetypes. Files containing relevant keywords will be zipped and uploaded to the server.
Full Changelog - Sept 13 2013
Bot - Major
64-bit userkit
POP3 grabber
Chrome grabber / DNS redirection support
File search - Search all files' content for keywords and upload files containing matches to panel
Config editor to edit builds -- Change group names
Block installation of some bootkits (Mainly Rovnix(Carberp) - Can toggle on/off from panel)
Enhanced bot resource protection (persistence) on some systems (around 40%~) (Much harder to remove in some cases)
Bot - Minor
Run DLL/Jar files
File size now less than 140kb
Fetches UAC social engineering translations from panel
ESET AV Killer now works on Vista+, AV Killer updated to include Ahnlab v3 Lite (XP only), BitDefender (on minimal config)
Better support for Avast sandbox. All sandbox prompts are now automatically accepted to increase download/exec rate.
Proactive bypasses updated (Trend Micro/McAfee now fully bypassed, BitDefender bypass finished but not 100% reliable)
PuTTY Live login grabber now works with latest update (0.63). New code locations and improper typecasting previously caused a crash in latest version (0.63)
Improved crypter compatibility
Added new detection techniques to botkiller and increased overall efficiency
Panel - Minor
Enhanced search features
TOR Blacklist
Remove bot/other buttons on bot list
Graphs added to statistics page / Panel settings reorganized
Can now delete individual form/login grab entries
Can now add lists of formgrab URL masks at once (Instead of just one at a time)
Modify main bot list view settings (Change display order and maximum number of bots displayed per page)
Main index now displays top 5 countries graph and world map based on bot count
GeoIP updated
Panel - Major
Notes system. Leave notes for single/all user(s)
Task failure tracking
AV Checker (s4y)
Event logs page added in panel settings
Bot grouping via group names
Formgrabber filter management options increased, form search enhanced and other useful changes to formgrab feature
Login grabber can now be toggled on/off
Fixes/Tweaks
Fixed issue where large amounts of page numbers would take up entire webpage
Fixed issue with formgrab filter management not properly handling some SQL queries
Fixed issue with task processing where if bot received more than 3 tasks at once, it would only process first 3, and may sometimes crash while attempting to parse the 4th one
Fixed crash issue related to thread creation in some processes
Fixed rare issue in process injector where an improperly initialized structure could result in fatal crash
Fixed a few memory leak issues
Fixed formgrabber compatibility with Firefox versions >= 22
Fixed issue with hook restorer not restoring system call hook
Fixed formgrabber for Windows 8, however, userkit is still having issues
Fixed issue where bot was not always sending stored logins for supported FTP Clients
Tweak: Systems configured to use a proxy for internet access are now supported if bot cannot access directly after cycling through C&C list
Tweak: HTTP Component now handles `302 Found` issues better. However, issue is considered *not* completely resolved.
Tweak: More AVs detected and displayed on panel statistics
Tweak: Grabbed logins exports are now in standard ftp://user:pass@domain.com -OR- type://user:pass@domain.com:port
Tweak: UAC Social engineering trick no longer uses cmd.exe on Windows 7 systems
Tweak: Duplicate bot issue should be *less* of a problem now. However, not completely fixed
Both samples are packed
MD5: c34e927287aacc3df09f05f09abd8271
https://www.virustotal.com/en/file/f344 ... 379700423/
MD5: e2dfeedddcad222a0edb6e4a9b5205a4
https://www.virustotal.com/en/file/bc77 ... /analysis/
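Added example, not code from the post or from the bot's panel: a small parser for the grabbed-login export format the changelog describes (`ftp://user:pass@domain.com` or `type://user:pass@domain.com:port`). If such an export is recovered from a panel during incident response, the first job is to turn it into structured records and a list of services whose owners need a credential-reset notice. The sample lines are constructed for the example, and it assumes credentials are written raw rather than percent-encoded, which the post does not state.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit


@dataclass(frozen=True)
class GrabbedLogin:
    scheme: str            # protocol recorded by the grabber, e.g. "ftp"
    user: str
    password: Optional[str]  # None when the line carries no ":pass" part
    host: str
    port: Optional[int]    # None for the first form, which omits the port


def parse_login_line(line: str) -> GrabbedLogin:
    """Parse one exported line of the form type://user:pass@host[:port].

    Assumption (not stated in the post): credentials are written raw, not
    percent-encoded, so everything up to the LAST '@' in the authority is
    userinfo. That keeps passwords containing '@' or ':' intact; a password
    containing '/', '?' or '#' would still be cut short by any URL-style
    split, and bracketed IPv6 hosts are not handled.
    """
    line = line.strip()
    parts = urlsplit(line)
    if not parts.scheme or "@" not in parts.netloc:
        raise ValueError(f"not a user:pass@host export line: {line!r}")
    userinfo, _, hostport = parts.netloc.rpartition("@")
    user, has_pw, password = userinfo.partition(":")
    if not user or not hostport:
        raise ValueError(f"missing user or host: {line!r}")
    host, _, port_str = hostport.partition(":")
    port = None
    if port_str:
        if not port_str.isdigit() or not 0 < int(port_str) < 65536:
            raise ValueError(f"bad port in {line!r}")
        port = int(port_str)
    return GrabbedLogin(parts.scheme.lower(), user,
                        password if has_pw else None, host.lower(), port)


def load_export(text: str) -> Tuple[List[GrabbedLogin], List[str]]:
    """Parse a whole export; malformed lines are returned, not silently dropped."""
    records, rejected = [], []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        try:
            records.append(parse_login_line(raw))
        except ValueError:
            rejected.append(raw)
    return records, rejected


def hosts_to_notify(records: List[GrabbedLogin]) -> List[Tuple[str, str, Optional[int]]]:
    """Distinct (scheme, host, port) services appearing in the export,
    i.e. the operators who need to be told to reset the exposed accounts."""
    return sorted({(r.scheme, r.host, r.port) for r in records})


# Constructed sample export (hypothetical hosts and credentials), covering
# both documented forms, a duplicate line, a password containing '@' and
# ':', a line without a password, and one line that is not an export at all.
SAMPLE_EXPORT = """\
ftp://alice:s3cret@ftp.example.com
sftp://bob:p@ss:w0rd@files.example.net:2222
ftp://alice:s3cret@ftp.example.com
pop3://carol@mail.example.org:110
this is not an export line
"""

if __name__ == "__main__":
    recs, bad = load_export(SAMPLE_EXPORT)
    for r in recs:
        print(r)
    print("rejected:", bad)
    print("notify:", hosts_to_notify(recs))
```

Duplicate bot entries (which the changelog itself admits are not fully fixed) also show up as duplicate export lines, which is why the notification list is built from a set rather than from the raw records.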