Name: carberp2


This version of Carberp was built from the leaked source code. The bot code was built from the BJWJ source directory, specifically the "RU_Az" project.

The bot was then configured using the BotBuilder12.exe utility in the "pro/source builder plugins inj's modules etc/Builder" directory. The encryption key used was AUvS8jou0Z9K7Bf9, and it was configured to contact remember.gtisc.gatech.edu.

Debugging symbols for the malware are also available: RU_Az.pdb.

A PCAP file containing the network traffic on the VM is available: RU_AZ.pcap.

QEMU Command Line:

$PANDA_DIR/qemu/x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay carberp2 

Created by: moyix

Uploaded on: July 30, 2014, 4:29 p.m.