This is another contribution from our anonymous friend
The sample here http://dl.dropbox.com/u/73806662/testandro.exe connects to img196-imageshack.us/pannel/image.php
to have access to this panel u need user:passwd here imageshack.us/pannel/ feel free to brute it 🙂
from the VirusTotal scan the file testandro.exe appears to be FUD
there is another file downloaded, dl.dropbox.com/u/76205929/rk.cmd.dll, which from the name looks like a rootkit or a command to activate a rootkit on infected machines. I didn't check this so feel free to explore it
hosting info:
http://whois.domaintools.com/37.221.160.51
Anonymous - April 29, 2012 at 10:49 am
http://www.sendspace.com/file/pl09yb
http://www.sendspace.com/delete/pl09yb/1a5ef66effc0f88279593030cf9de349
maybe u can have fun with those samples and post more http botnet.
Pig - April 29, 2012 at 3:30 pm
interesting samples inside the package, will check them and post new threads
thank you for this package
Anonymous - April 29, 2012 at 10:15 pm
here you go, acquiring many Andromeda bots via IRC.
http://www.sendspace.com/delete/0w6p3g/44e00fa468a245a20b44e0f4afcaba3c
also don't forget to upload the data of the Zeus and Citadel etc. I provide!
Pig - April 29, 2012 at 10:27 pm
the link is for deleting the package lol post the download link
I checked some Zeus and Citadel samples and some of them aren't active anymore, will check the rest tomorrow
thank you for your work man
Anonymous - April 29, 2012 at 10:54 pm
http://queerbag.com/bot/
http://www.sendspace.com/file/wa9tyf
http://www.sendspace.com/delete/wa9tyf/722b1422e74d050296d9cb0ad050be08
checkout that worm as well in the first rar
Pig - April 29, 2012 at 11:15 pm
got the files, now I'm opening a new thread with your information
thank you
Anonymous - April 29, 2012 at 11:20 pm
More andromeda. Nothing like a botnet that detects and sends it to panel 🙂 fuck all other bots 🙂
http://www.sendspace.com/file/i0b1kj
http://www.sendspace.com/delete/i0b1kj/b3a2e389dec711735faefc53b2a0c4ba
Pig - April 29, 2012 at 11:51 pm
HTTP bots aren't bad but look at them, one by one exposed by you and other guys lol
Anonymous - April 29, 2012 at 11:53 pm
It has all been me 😛 just get bin from botnet and then you have all data you need 🙂 are you also sending reports to their hosts and domains?
Pig - April 29, 2012 at 11:56 pm
no, I don't report domains or hosts because most of them are like criminals, they don't care about people being infected
all they want is the money but feel free to do it if u have patience lol
Anonymous - April 30, 2012 at 12:16 am
Nope, don't got time for that bullshit, but most are using non-BP hosts, just some shit from OVH or a DC that will suspend upon 1 report. You should try.
Anonymous - April 30, 2012 at 2:06 am
Another Andromeda. LOL.
http://www.sendspace.com/file/kulxyp
http://www.sendspace.com/delete/kulxyp/4c555ea330d408db7873e80e87bb8dc4
ZeroSecurity - May 7, 2012 at 12:02 am
Never heard of Andromeda, where is it being distributed/sold?
Anonymous - May 7, 2012 at 5:52 pm
plz reupload Andromeda samples
Pig - May 7, 2012 at 6:01 pm
here u go http://tfile.biz/7895icjaqzjq.html
http://tfile.biz/5cxl0sw7x5hn.html
Anonymous - May 28, 2012 at 1:03 am
please reupload Andromeda samples one more time.
Pig - May 28, 2012 at 4:13 pm
here u go http://6fb55da4.urlbeat.net
Anonymous - June 1, 2012 at 2:41 pm
@ZeroSecurity it is sold by waahoo on a few Russian forums iirc.