Nuclear Bot (Nuke Bot) Code Leaked Online

A couple of months back Arbornetworks done analysis of nuclear bot under title, dismantling a nuclear bot. We already analysed malware abusing swift banking. That time it was mentioned as a new banking trojan module and appeared in sale on underground hacking forums at the price of $2.5K. They analyzed the following sample: https://www.virustotal.com/en/file/ff83aaa74ec364f4c2403409a28df93ef97e8a61ba79fdb1c94d7081f48e794e/analysis/1490938720/
This is where that sample ping back. And we also checked anything interesting apart from the analysis made Arbornetworks. We found the sample variant have anti analysis modules like analysis aware strings:







This week the source code of the nuclear bot (nuke bot) leaked in online code sharing platform. The author made the code available on the net due to the distrust of the hacking community members. Members of underground forum treated the authors as just like spammer, due to the lack of free trial of the module for premium members.


Important samples seen in the wild:
https://www.virustotal.com/en/file/ff83aaa74ec364f4c2403409a28df93ef97e8a61ba79fdb1c94d7081f48e794e/analysis/1490938720/
https://www.virustotal.com/en/file/53af22828a2a1190105c6846ae9e32ab6ce87388b77838d456432ee6e9de7343/analysis/1490938116/
https://www.virustotal.com/en/file/25a361f297c6d399410b47af5504f4bb2c9327de55168a31154fbee21fa4b186/analysis/1490938074/


Popular AV detection:
a variant of Win32/Agent.YOB
Trojan-Banker.Win32.Nuclear.a
Trojan.Win32.Nuclear.ekazpz
TR/Spy.Banker.qexzn




Post created by
newWorld

Comments

Google Plus:

Popular Posts

Chitika Ads