This is another contribution from our anonymous friend
The sample here http://dl.dropbox.com/u/73806662/testandro.exe connects to img196-imageshack.us/pannel/image.php
to have access to this panel u need user:passwd here imageshack.us/pannel/ feel free to brute it 🙂
from the VirusTotal scan the file testandro.exe appears to be FUD
there is another file downloaded, dl.dropbox.com/u/76205929/rk.cmd.dll, which from the name looks like a rootkit or a command to activate a rootkit on infected machines. i didn't check this so feel free to explore it
Anonymous - April 29, 2012 at 10:49 am
maybe u can have fun with those samples and post more http botnet.
Pig - April 29, 2012 at 3:30 pm
interesting samples inside the package will check them and post new threads
thank you for this package
Anonymous - April 29, 2012 at 10:15 pm
here you go, acquiring many Andromeda bots via irc.
also don't forget to upload data of the zeus and citadel etc i provide!
Pig - April 29, 2012 at 10:27 pm
the link is for deleting the package lol post the download link
i checked some zeus and citadel samples and some of them aren't active anymore will check the rest tomorrow
thank you for your work man
Anonymous - April 29, 2012 at 10:54 pm
check out that worm as well in the first rar
Pig - April 29, 2012 at 11:15 pm
got files now i'm opening new thread with your information
Anonymous - April 29, 2012 at 11:20 pm
More andromeda. Nothing like a botnet that detects and sends it to panel 🙂 fuck all other bots 🙂
Pig - April 29, 2012 at 11:51 pm
http bots aren't bad but look at them one by one exposed by you and other guys lol
Anonymous - April 29, 2012 at 11:53 pm
It has all been me 😛 just get bin from botnet and then you have all data you need 🙂 are you also sending reports to their hosts and domains?
Pig - April 29, 2012 at 11:56 pm
no i don't report domains or hosts because most of them are like criminals they don't care about people being infected
all they want is the money but feel free to do it if u have patience lol
Anonymous - April 30, 2012 at 12:16 am
Nope don't got time for that bullshit , but most are using non bp hosts just some shit from ovh or dc that will suspend upon 1 report. You should try.
Anonymous - April 30, 2012 at 2:06 am
Another Andromeda. LOL.
ZeroSecurity - May 7, 2012 at 12:02 am
Never heard of Andromeda, where is it being distributed/sold?
Anonymous - May 7, 2012 at 5:52 pm
plz reupload Andromeda samples
Pig - May 7, 2012 at 6:01 pm
here u go http://tfile.biz/7895icjaqzjq.html
Anonymous - May 28, 2012 at 1:03 am
please reupload Andromeda samples one more time.
Pig - May 28, 2012 at 4:13 pm
here u go http://6fb55da4.urlbeat.net
Anonymous - June 1, 2012 at 2:41 pm
@ZeroSecurity it is sold by waahoo on a few russian forums iirc.