Cybercriminals use different methods to distribute malware, such as malicious advertisements, exploit kits, loaders or spam campaigns. Unless an attack is really targeted, the bad guys will try to infect as many computers as possible, and they need some automation for that. It is well known that they use botnets to distribute malware and create spam campaigns. Popular malware families like Necurs, Cutwail, Onliner Spambot or Emotet are examples of this kind of botnet, which are not usually analyzed deeply because we tend to focus on the final malware families being spread, like bankers, stealers or RATs. This talk will focus on one of these malware families used to send spam, Onliner Spambot, explaining internal details about its different modules, its control panel, how it checks and misuses stolen credentials, and the threat actors who operate and sell it. Malware distribution is an interesting part of the cybercrime ecosystem, and it is important to pay attention to those distribution botnets too.