ns1.androha.com (Andromeda http botnet hosted by namecheap.com)

By I_Post_Ur_Info, August 17, 2013

Resolved ns1.androha.com to 162.213.250.141

Server: ns1.androha.com
Gate file: /cgi/image.php

Plugins:
Rootkit: hxxp://ns1.androha.com/cgi/r.pack
Socks: hxxp://ns1.androha.com/cgi/s.pack
Formgrabber: hxxp://ns1.androha.com/cgi/f.pack
Gate file: /cgi/fg.php

First cracked andromeda I’ve seen in a while.

Hosting infos: http://whois.domaintools.com/162.213.250.141

Related md5s (Search on malwr.com to download the sample)
Andromeda: c5598dd742b5504084779ccfda0b207c

Categories: Uncategorized

Tags: Andromeda BotBitcoin Miner Botnet

Previous postallrounders.cc (Athena http botnet hosted by hostkey.com)

Next post74.121.150.39 (WordPress brute forcing botnet hosted by it7.net)

illuminati.sx (Plasma http botnet hosted by worldstream.nl)

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)

meziamussucemaqueue.su (Betabot http botnet hosted by sunnyvision.com)