img196-imageshack.us (Andromeda HTTP malware hosted in voxility.net)

This is another contribution from our anonymous friend.
The sample at http://dl.dropbox.com/u/73806662/testandro.exe connects to img196-imageshack.us/pannel/image.php, which is its panel check-in URL. Note that img196-imageshack.us is a lookalike domain: it mimics the imgNNN.imageshack.us hostnames of the legitimate image host, so the bot's traffic blends in with ordinary image requests.
To access this panel you need a user:password pair here: imageshack.us/pannel/ (feel free to brute it 🙂).

A VirusTotal scan of testandro.exe shows it as FUD (fully undetectable: no AV engine flagged it at the time of the scan).

There is another file downloaded, dl.dropbox.com/u/76205929/rk.cmd.dll, which from the name looks like a rootkit or a command to activate a rootkit on infected machines. I didn't check this, so feel free to explore it.

Hosting info:
http://whois.domaintools.com/37.221.160.51
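As an added example (not part of the original post), the following Python scans a proxy access log for the indicators given above: a request to the /pannel/image.php check-in path, a host that contains "imageshack" but is not actually under the registrable domain imageshack.us, and a .exe/.dll fetched from a dl.dropbox.com/u/&lt;id&gt;/ folder. The Squid-style log lines are constructed for the example; the only real values in them are the hosts, paths and the 37.221.160.51 address taken from the post.

```python
import re
from typing import Optional
from urllib.parse import urlsplit

# Indicators taken from the post: C2 panel path on a lookalike host and
# second-stage payloads served from dl.dropbox.com user folders.
LOOKALIKE_BRANDS = {"imageshack.us"}            # legitimate registrable domains being imitated
C2_PATHS = {"/pannel/image.php"}                 # Andromeda panel check-in path from the post
PAYLOAD_RE = re.compile(r"^/u/\d+/[^/]+\.(?:exe|dll)$", re.IGNORECASE)  # /u/<id>/<file>.exe|dll


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (sufficient for .us/.com/.net style TLDs)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def mimics_brand(host: str) -> Optional[str]:
    """Return the brand a host imitates when the brand name appears in the
    hostname but the host is NOT under the brand's registrable domain.
    img196.imageshack.us -> None, img196-imageshack.us -> 'imageshack.us'."""
    rd = registrable_domain(host)
    for brand in LOOKALIKE_BRANDS:
        brand_name = brand.split(".")[0]          # e.g. "imageshack"
        if brand_name in host.lower() and rd != brand:
            return brand
    return None


def classify_request(host: str, path: str) -> list:
    """Return the list of indicator names a single request matches."""
    hits = []
    brand = mimics_brand(host)
    if brand:
        hits.append(f"lookalike-of:{brand}")
    if path.lower() in C2_PATHS:
        hits.append("andromeda-panel-checkin")
    if host.lower() == "dl.dropbox.com" and PAYLOAD_RE.match(path):
        hits.append("dropbox-hosted-binary")
    return hits


# Constructed Squid-style access log (ts elapsed client action/status bytes method url ...).
# Lines 3 and 4 are benign controls: a real imageshack subdomain and an unrelated site.
SAMPLE_LOG = """\
1335700001.123 45 10.0.0.5 TCP_MISS/200 512 GET http://img196-imageshack.us/pannel/image.php - DIRECT/37.221.160.51 text/html
1335700002.456 120 10.0.0.5 TCP_MISS/200 98304 GET http://dl.dropbox.com/u/76205929/rk.cmd.dll - DIRECT/192.0.2.10 application/octet-stream
1335700003.789 30 10.0.0.7 TCP_MISS/200 4096 GET http://img196.imageshack.us/img196/1234/photo.jpg - DIRECT/192.0.2.20 image/jpeg
1335700004.000 25 10.0.0.8 TCP_MISS/200 2048 GET http://example.com/index.html - DIRECT/192.0.2.30 text/html
"""

LOG_RE = re.compile(r"^(?P<ts>\S+) \S+ (?P<client>\S+) \S+ \S+ (?P<method>\S+) (?P<url>\S+)")


def scan_log(text: str) -> list:
    """Return (client, url, hits) for every log line matching at least one indicator."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        u = urlsplit(m["url"])
        hits = classify_request(u.hostname or "", u.path)
        if hits:
            alerts.append((m["client"], m["url"], hits))
    return alerts


if __name__ == "__main__":
    for client, url, hits in scan_log(SAMPLE_LOG):
        print(client, url, ", ".join(hits))
```

The lookalike check compares the registrable domain rather than doing a substring match, which is what keeps the genuine img196.imageshack.us request from alerting while the hyphenated imposter does; extend LOOKALIKE_BRANDS and C2_PATHS as further panels turn up.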


18 Comments

Anonymous - April 29, 2012 at 10:49 am

Pig - April 29, 2012 at 3:30 pm

Interesting samples inside the package; will check them and post new threads.
Thank you for this package.

Anonymous - April 29, 2012 at 10:15 pm

Here you go, acquiring many Andromeda bots via IRC.

http://www.sendspace.com/delete/0w6p3g/44e00fa468a245a20b44e0f4afcaba3c

Also don't forget to upload data on the Zeus and Citadel etc. I provide!

Pig - April 29, 2012 at 10:27 pm

The link is for deleting the package lol, post the download link.
I checked some Zeus and Citadel samples and some of them aren't active anymore; will check the rest tomorrow.
Thank you for your work, man.

Pig - April 29, 2012 at 11:15 pm

Got the files, now I'm opening a new thread with your information.
Thank you.

Anonymous - April 29, 2012 at 11:20 pm

More Andromeda. Nothing like a botnet that detects and sends it to the panel 🙂 fuck all other bots 🙂

http://www.sendspace.com/file/i0b1kj

http://www.sendspace.com/delete/i0b1kj/b3a2e389dec711735faefc53b2a0c4ba

Pig - April 29, 2012 at 11:51 pm

HTTP bots aren't bad, but look at them, exposed one by one by you and other guys lol

Anonymous - April 29, 2012 at 11:53 pm

It has all been me 😛 Just get the bin from the botnet and then you have all the data you need 🙂 Are you also sending reports to their hosts and domains?

Pig - April 29, 2012 at 11:56 pm

No, I don't report domains or hosts, because most of them are like criminals: they don't care about people being infected.
All they want is the money, but feel free to do it if you have the patience lol

Anonymous - April 30, 2012 at 12:16 am

Nope, don't got time for that bullshit, but most are using non-BP hosts, just some shit from OVH or a DC that will suspend upon 1 report. You should try.

ZeroSecurity - May 7, 2012 at 12:02 am

Never heard of Andromeda, where is it being distributed/sold?

Anonymous - May 7, 2012 at 5:52 pm

Please re-upload the Andromeda samples.

Anonymous - May 28, 2012 at 1:03 am

Please re-upload the Andromeda samples one more time.

Pig - May 28, 2012 at 4:13 pm

Anonymous - June 1, 2012 at 2:41 pm

@ZeroSecurity it is sold by waahoo on a few Russian forums, IIRC.
