Resolved www.mydowncenter.me to 37.0.122.132
Server: www.mydowncenter.me
Gate file: /andro/image.php
Plugins:
Rootkit: hxxp://www.mydowncenter.me/andro/r.pack
Socks: hxxp://www.mydowncenter.me/andro/s.pack
Formgrabber: hxxp://www.mydowncenter.me/andro/f.pack
Gate file: /andro/fg.php
Hosting info: http://whois.domaintools.com/37.0.122.132
Related MD5s (search on malwr.com to download the samples):
Andromeda: a26ffa2c7bd0e7899b04768f9e76a938
Anonymous - June 6, 2013 at 11:12 pm
There's also an Athena HTTP hosted on the same site that gave orders to download that sample (version 1.0.8, hosted in root; gate file is /gate.php). It also ordered to download another exe that was 404'd.
Anonymous - June 7, 2013 at 4:00 am
Also Athena HTTP
hxxp://www.mydowncenter.me/login/