Botnet Rarog Mining Botnet v7.0.0

[dEEpEst]

 
 
 

This link is hidden for visitors. Please Log in or register now.

Go
 
 

 
 

 

 
 
Rarog is a Trojan with a built-in miner module and botnet elements. Rarog is written in C / C ++, builds without dependencies on VC ++ (Multi-threaded runtime (/ MT) library). Build weight: 410kb (v3.0). 

Rarog can hide the miner's process from the following task managers: Windows Task Manager, Process Killer, KillProcess, System Explorer, Process Explorer, AnVir, Process Hacker. Trojan disguised as a Realtek driver, copying the headers of the original utilities. 

If you are not familiar with hidden mining, then read this article - http://telegra.ph/Zarabatyvaem-na-skrytom-majninge-09-03 . 

Infection process:
When you first start, Rarog determines whether the system is infected. If the system is not infected, it creates a hidden folder in the system directory, is copied into it and starts with a special flag, destroying the original file. Then it is fixed in the system - it adds entries to the registry, creates shortcuts and tasks in the system. It then accesses the Rest API, transmits data about the victim's machine, and obtains the machine uID. Then it receives the miner's configuration (CPU / GPU), unloads the corresponding miner version from the server and launches it in hidden mode. 

Features:

1. Low build weight (410kb).
   
2. Fixing the system.
   
3. No dependencies on VC ++, correct work even on a clean OS.
   
4. Masking for drivers.
   
5. Hiding the miner's process from all popular task managers (see the list above).
   
6. User-mode Trojan (work without administrator rights; support for working with a guest account).
   
7. The ability to update the Trojan on infected machines using the admin panel.
   
8. The ability to update the miner's builds through the admin panel.
   
9. Tasks (opening a site in a browser, DDoS, downloading and launching any files)
   
10. All important data transmitted between the bot and the server is encrypted.
    
11. The trojan is tied to the customer's server, it is impossible to untie it and use it for its own purposes (all configs are packed).
    
12. The admin panel is installed on the server of the buyer.
    
13. Recovery in the system after the complete removal of the Trojan.
    
14. Automatic infection of USB devices.
    
15. Search and remove third-party miners on the PC.
    
16. Helpers are special processes that protect the main process of the Trojan.
    
17. Increasing the privilege process to the system (relevant only for Windows 7).
    

Mining profiles: The 
unique feature of this Trojan is mining profiles. According to the standard after the purchase you get 10 builds of the Trojan, tied to 10 profiles in the admin panel. For each profile, you can specify your own miner configuration. 

This functionality can be useful for those who want to build a team of people who will distribute the builds and get a certain percentage of mining. In the admin panel displays useful information: the number of installations of each profile, and the list of bots displays the name of each profile (you can specify any). 


What is included:

1. Admin panel.
   
2. 10 builds trojan under profiles.
   
3. Manual installation and configuration.
   
4. Recommendations for use.
   
5. Help in setting up.
   
6. Support for all issues.
   
7. Protector to protect builds from VirusTotal.
   

Download:

To see this hidden content, you must like this content.