skyline2050.net (Andromeda http botnet hosted by infiumhost.com)

Resolved skyline2050.net to 188.190.127.160

Server:  skyline2050.net
Gate file:  /761994/gate.php

This is Andromeda 2.07, not the cracked 2.06. You can tell because the admin page is located at /adm.php, not on the index page. The owner of this Betabot is updating its bots with this Andromeda build, abandoning Betabot.

Mining info:  dum:dum@s5.6d6f6e65797072696e746572.com:3333

Hosting info: http://whois.domaintools.com/188.190.127.160

Related md5s (search on malwr.com to download the samples):
Andromeda: f3d9605dd5e2a455b16a660de26f9ad5
Bitcoin miner: 117a7628521c95162a80bfdc4386287c

EDIT:
New mining info: stratum+tcp://mp187.worker3:animals@youdbeproud228.com:3333


1 Comment

Anonymous - June 15, 2013 at 5:44 pm

Wait a few more until panel gets leaked, then the bot ends up being cracked.
