Beta Bot v1.7.0.1 Full Including Builder + Upcoming release Beta Bot v1.8.0 [Working with all current browsers]

Version 1.6.0.2 (Released: 10/17/2013)

Bot
  • Bot no longer changes "Hide protected operating system files" folder option for explorer
  • Fixed issue where bot would sometimes set a restrictive DACL on its working directory if run from an unexpected location

Panel
  • Misc panel bug fixes

Version 1.6.0.0 (Released: 10/10/2013)

Bot
  • File search now is more configurable:
      a) Allows folder exclusions (To help prevent useless results/search time)
      b) Allows files with certain strings found in their filename to be uploaded
      c) Maximum search terms increased to 128, maximum filename terms is 64
      d) Parameter "nocache" allows you to have already sent files uploaded again
  • Botkiller updated once again. New techniques added and existing code revised.
  • Fixed issue where IE would freeze on load when Avast! was disabled by the AV killer
  • Injector now more compatible with games/anti-cheat components
  • Fixed issue with formgrabber sometimes uploading the wrong part of captured form content in Firefox and Chrome
  • Bot now uploads select header fields with each formgrab capture (when available): User-Agent, Referer, Cookie and Accept-Languages
  • Fixed DNS Modifier not working with latest versions of Firefox (22+). Another function had to be hooked.
  • Fixed issue where sometimes UAC prompt would come up even after accepting it because there was a delay in processing messages from the window queue
  • A couple tweaks to installation code
  • Misc beneficial changes to bot protection (persistence) code
  • Fixed a few issues with updater
  • Windows Defender is now thoroughly disabled instead of just turned off

Panel
  • Extended the GeoIP information displayed (ASN Name, City information) when available. *
  • Fixed IE formgrab logs sometimes appearing as "Unknown" browser
  • Fixed formgrab "view detail" page content sometimes causing table to stretch too far, distorting other table cells.
  • Fixed issue where searching bots with comments would return zero results
  • Fixed invalid links for page numbers
  • Misc fixes to panel HTML code

Notes
  • The size of the geolite imports is quite large so if users have no use for this, they can simply choose not to import it

Version 1.5.0.0 (Released: 9/15/2013)

Bot - Major
  • 64-bit userkit
  • POP3 grabber
  • Chrome grabber / DNS redirection support
  • File search - Search all files' content for keywords and upload files containing matches to panel
  • Config editor to edit builds -- Change group names, and modify other minor settings/initial behavior
  • Block installation of some bootkits (Mainly Rovnix(Carberp) - Can toggle on/off from panel)
  • Enhanced bot resource protection (persistence) on some systems (around 40%~) (Much harder to remove in some cases)

Bot - Minor
  • Run DLL/Jar files
  • File size now less than 140kb
  • Fetches UAC social engineering translations from panel
  • ESET AV Killer now works on Vista+, AV Killer updated to include Ahnlab v3 Lite (XP only), BitDefender (on minimal config)
  • Better support for Avast sandbox. All sandbox prompts are now automatically accepted to increase download/exec rate.
  • Proactive bypasses updated (Trend Micro/McAfee now fully bypassed, BitDefender bypass finished but not 100% reliable)
  • PuTTY Live login grabber now works with latest update (0.63). New code locations and improper typecasting previously caused a crash in the latest version (0.63)
  • Improved crypter compatibility
  • Added new detection techniques to botkiller and increased overall efficiency

Panel - Minor
  • Enhanced search features
  • TOR Blacklist
  • Remove bot/other buttons on bot list
  • Graphs added to statistics page / Panel settings reorganized
  • Can now delete individual form/login grab entries
  • Can now add lists of formgrab url masks at a time (Instead of just one at a time)
  • Modify main bot list view settings (Change display order and maximum number of bots displayed per page)
  • Main index now displays top 5 countries graph and world map based on bot count
  • GeoIP updated

Panel - Major
  • Notes system. Leave notes for single/all user(s)
  • Task failure tracking
  • AV Checker (s4y)
  • Event logs page added in panel settings
  • Bot grouping via group names
  • Formgrabber filter management options increased, form search enhanced and other useful changes to formgrab feature
  • Login grabber can now be toggled on/off


Fixes/Tweaks
  • Fixed issue where large amounts of page numbers would take up entire webpage
  • Fixed issue with formgrab filter management not properly handling some SQL queries
  • Fixed issue with task processing where if bot received more than 3 tasks at once, it would only process first 3, and may sometimes crash while attempting to parse the 4th one
  • Fixed crash issue related to thread creation in some processes
  • Fixed rare issue in process injector where an improperly initialized structure could result in fatal crash
  • Fixed a few memory leak issues
  • Fixed formgrabber compatibility with Firefox versions >= 22
  • Fixed issue with hook restorer not restoring system call hook
  • Fixed formgrabber for Windows 8, however, userkit is still having issues
  • Tweak: Systems configured to use a proxy for internet access are now supported if bot cannot access directly after cycling through C&C list
  • Tweak: HTTP Component now handles `302 Found` issues better. However, issue is considered *not* completely resolved.
  • Tweak: More AVs detected and displayed on panel statistics
  • Tweak: Grabbed logins exports are now in standard ftp://user:pass@domain.com -OR- type://user:pass@domain.com:port
  • Tweak: UAC Social engineering trick no longer uses cmd.exe on Windows 7 systems
  • Tweak: Duplicate bot issue should be *less* of a problem now. However, not completely fixed

  • Form Grabber
    When specified sites are detected, Betabot will pull any relevant forms as they are sent, and export details to the main panel. In order for the Form Grabber to work, you must specify filters on the panel. When creating filters, wildcards (*) are supported.
    • Firefox (Normal and SSL)
    • Internet Explorer (Normal and SSL)
    • Google Chrome (Normal and SSL)
  • x86/64 Userkit
    Userland rootkit for both 32 bit and 64 bit systems allows the bot to remain untouchable to other bots and basic user interference. Innovative technique for intercepting system calls on x86 systems allows for better compatibility with other bots. All hooks made will be restored if removed and general unhooker removes 3rd party hooks on sensitive NT service stubs.
  • AntiVirus Disabler
    Using multiple removal methods, Betabot is able to remove or disable over 30 different Anti Viruses from user mode. On Vista and 7, elevation is required for this function to work properly. To help achieve maximum efficiency, a custom social engineering tactic (written in 12 languages) is used to trick the user into elevating the bot process. This method has proven to be roughly 70% - 80% effective when attempting to elevate privileges.

    • Ahnlab v3 Lite (XP only)
    • ArcaVir
    • Avast!
    • AVG
    • Avira
    • BitDefender (On minimal config)
    • BKAV
    • BullGuard
    • Emsisoft Anti-Malware
    • ESET NOD32 / Smart Security
    • F-PROT
    • F-Secure IS
    • GData IS
    • Ikarus AV
    • K7 AntiVirus
    • Kaspersky AV/IS (Older versions only)
    • Lavasoft Adaware AV
    • MalwareBytes Anti-Malware
    • McAfee
    • Microsoft Security Essentials
    • Norman AntiVirus
    • Norton AntiVirus (Vista+ only)
    • Outpost Firewall Pro
    • Panda AV/IS
    • Panda Cloud AV (Free version)
    • PC Tools AntiVirus
    • Rising AV/IS
    • Sophos Endpoint AntiVirus
    • Total Defense
    • Trend Micro
    • Vipre
    • Webroot SecureAnywhere AV
    • Windows Defender
    • ZoneAlarm IS
  • Anti-Malware (Botkiller)
    Complex heuristic-based anti-malware component allows for thorough removal of major/common malware used in PPI ventures and more. Suspicious autostart items, files, processes and injected code will be removed/disabled when possible. Special options to target BTC/LTC miners are available.
  • DNS Blocker/Redirector
    The domain name modifier allows domains to be forced to resolve to any IP provided, or flat out blocked. All popular browsers/desktop applications supported.
  • Live FTP/POP3 grabber
    Network data interception allows FTP and POP3 logins over non-SSL connections to be intercepted and recorded in real time. Additionally, SSH logins made from PuTTY client are recorded and reported to the server.
  • File Search
    Ability to search all files on local hard disks for certain terms or files with certain names/extensions. Additionally, directories can be excluded from the search. Files matching search parameters will be uploaded to the C2 server.
  • Proactive Defense Mode
    Special self-defense mode that can be toggled on and off. When turned on, this will block most known methods of code injection and other malware-related activity to ensure only betabot is in control.
  • General bot defense
    Using a myriad of different concepts, betabot protects itself from removal/tampering. Areas of protection include process, autostart and file protection. Betabot is highly resistant to code injection, file removal and unhooking.
  • Additional features:
    • File Size < 150kb
    • Config Editor to edit builds -- Change group names
    • Block Bootkit Installation of some Bootkits (Mainly Rovnix(Carberp)). Can be toggled on/off from the panel.
    • Multi Server Support for up to 16 different servers. Different configurations are possible for each individual server.
    • Four different DDoS methods. Various settings to change. Uses local information to attempt to randomize headers in HTTP Floods.
         UDP
         Rapid Connect/Disconnect
         HTTP GET
         Slowloris
    • Experimental Ruskill - Using an active Sandbox-like, Betabot will attempt to sequester specified programs and roll back any changes made by them after running. This feature is currently in development and may not work on some bots.
    • USB Autorun - When enabled, Betabot will add itself to any USB drive inserted into the machine using LNK-File swap techniques.
    • SOCKS4 Server - Turn your bots into dedicated SOCKS4 proxies. You may set the port as well as the duration. Supports UPnP.
    • FTP Stealer harvests live FTP logins as they happen in real time.
    • Anti Virus Checker allows you to enter your Scan4You account info into the panel and makes use of the S4Y API for quick and easy scanning, straight from your own panel.
    • Various Rudimentary Antis - To help maintain the integrity of Beta Bot and to protect various pieces of vital code, Beta Bot makes use of multiple anti debugging and anti dumping methods.
    • Download / Update / Uninstall / etc - Basic commands expected of all bots. Supports DLLs and JAR files.
    • Additional User Accounts - Ability to create additional user accounts to access your panel. Fully customizable access levels.
    • Advanced Search Options to locate specific bots quickly and easily.
Version 1.7.0.1


