Page 23 - CDM Cyber Warnings November 2013
Below is a list of the standard features present in the Atrax crimekit:
Kill
Update
Download (over Tor), Execute (Commandline-Parameter allowed)
Download (over Tor), Execute (Commandline-Parameter allowed) in memory
Install Plugin
Installation List (a list of all installed applications)
"Apparently the author admits that the main component, which has a fairly big size of ~1,2 MB, is due to TOR integration and x64/x86 code. However, a first-stage free assembler web downloader of ~2KB is also available, making the infection process slightly lightweight," wrote Mønsted.
The plug-in stealer, according to the author, is very efficient and implements a wealth of functionality:
Steals all current browser versions.
Steals: CHROME, FIREFOX, SAFARI, INTERNET EXPLORER, OPERA, FILEZILLA, PIDGIN, JDOWNLOADER v1 + v2, GIGATRIBE, THUNDERBIRD, WINDOWSKEY, FLASHFXP, ICQ, MSN, WINDOWS LIVE, OUTLOOK, PALTALK, STEAM Username Only, TRILLIAN, MINECRAFT, DYNDNS, SMARTFTP, WSFTP, Bitcoin Wallet (Armory, Bitcoin-Qt, Electrum, Multibit)
If you need something more -> ask me.
Special: JDownloader v1/v2, Bitcoin Wallet Stealer (whole wallet.dat will be uploaded), IE10 + IE11 support!
Bitcoin / Litecoin Miner
It is thus able to operate with the principal browsers available on the market. No doubt, the Atrax crimekit has all the characteristics needed to succeed in the criminal underground.
Source: Pierluigi Paganini, Editor-in-Chief, CDM
Copyright © Cyber Defense Magazine, All rights reserved worldwide