[en] Andromeda bot webpanel

A few days ago, I blogged about Andromeda/Gamarue and the Smokebot panel.
Today, a look at the Andromeda bot web panel.

Example of the directory structure:

The panel lets you manage the bots and configure tasks.
You can also add plugins.


You can also blacklist a bot:


Here is a task:

and here is the type of task:

Of course, you can manage the tasks.
Tasks can be filtered by country.
There are also some statistics about failed executions.

Here you can configure the panel (change the access password, the RC4 key, etc.).

Below is a network capture of the data transmitted between the bot and the C&C:

The data is RC4-encrypted, then base64-encoded.
The rc4Crypt function:

The data is decrypted with the rc4key stored in the config.php file:


and these are the arguments used to get data from the infected computers: la, bv, bid, ar, etc.
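For an analyst who has recovered the rc4key from a panel's config.php, the decoding described above can be reproduced offline on a captured request body. This is an added example, not code from the panel or from the original post; it assumes standard RC4 and a `name:value|name:value` plaintext layout, and the key and values are constructed samples.

```python
import base64

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4 (assumed to match the panel's rc4Crypt); symmetric."""
    s, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for byte in data:                         # keystream generation + XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def decode_checkin(body_b64: str, key: bytes) -> dict:
    """Undo base64, then RC4, then split the fields.

    Returns {} for anything that does not decode to 'name:value|...' text,
    which is what a wrong key or unrelated traffic produces.
    """
    try:
        text = rc4(key, base64.b64decode(body_b64, validate=True)).decode("ascii")
    except ValueError:   # bad base64 or non-ASCII plaintext
        return {}
    fields = {}
    for part in text.split("|"):
        name, sep, value = part.partition(":")
        if not (sep and name.isalpha() and value.isalnum()):
            return {}
        fields[name] = value
    return fields

# Constructed sample: key and values are made up; field names are from the post.
SAMPLE_KEY = b"constructed-sample-key"
SAMPLE_BODY = base64.b64encode(
    rc4(SAMPLE_KEY, b"bid:1001|bv:206|la:3232235777|ar:1")).decode()

if __name__ == "__main__":
    print(SAMPLE_BODY)
    print(decode_checkin(SAMPLE_BODY, SAMPLE_KEY))
```

An empty result on traffic that matches the panel's URL usually means the key in hand does not belong to that panel.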

Here is a screenshot of an Andromeda web panel in the wild.
The index.php has been renamed to stat.php.

The stats.php asks for authentication.

The login is stored as an MD5 hash in the config.php file:


This panel is less widespread than Smokebot, but as you can see, the Andromeda bot web panel is a great alternative to Smokebot.

More information (price, etc.) on Kafeine’s blog: http://malware.dontneedcoffee.com/2012/07/inside-andromeda-bot-v206-webpanel-aka.html
