Russian Botnet Readme.txt



A recent Malware Lab investigation I’ve been working on led me to two interesting files on a Russian botnet:

I don’t know if these are well known or not, but they describe how to install the botnet backend as well as what’s been added between versions 1.0 and 6.0.

Here are the executables that were on the same server:

8.exe

http://www.virustotal.com/analisis/d32c1247b9cc80db7c50bd0b91d3a4d523672e9c238f99e1972b75d04340ab88-1255645683

http://www.threatexpert.com/report.aspx?md5=0d431ffb676be2c091eda0445282b59e

R23.exe

http://www.virustotal.com/analisis/46841255cd4e91cf93c74c539c13cf57beea6ec33c0c6502c2d14fb7182ce7ef-1255651763

http://www.threatexpert.com/report.aspx?md5=6de4aeaca08b57339e2890a35c84a968

R31.exe

http://www.virustotal.com/analisis/8e0df4b3e31afd1e73d68bdf7bb3f35c61d9d12cf35c0d36a8b0d98459b88b40-1255645829

http://www.threatexpert.com/report.aspx?md5=4672d5000ea2ed47ff7089666bf18186

Windows_Protector.exe

http://www.virustotal.com/analisis/23f064ca6f2c661899a0e227735b993c05186cfdc1abdc0c9e884661159d97a9-1255652491

http://www.threatexpert.com/report.aspx?md5=43ec3ee7742dc809dc2690508b111ddf
