Some days ago, I blogged about Andromeda/Gamarue the panel Smokebot.
Today, a look at the Andromeda bot webpanel.
Example of directory structure:
The panel lets you manage the bots and configure some tasks.
Also you can add plugins.
You can also blacklist a bot:
Here is a task:
Of course, you can manage the tasks.
It’s possible to filter the tasks by country.
You also have some statistics about execution failures.
Here you can configure the panel (change access password, RC4 key, etc.).
The data is RC4-encrypted and then base64-encoded.
The rc4Crypt function:
Data decryption with the rc4key stored in the config.php file:
And the arguments used to get data from the infected computers: la, bv, bid, ar, etc.
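For analysts holding a captured check-in body and the RC4 key recovered from a seized config.php, the decoding described above looks like this. It is an added example, not the panel's own code: the `name:value|name:value` field layout is an assumption, and the key and sample body are constructed.

```python
import base64

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); the same call encrypts and decrypts."""
    if not key:
        raise ValueError("empty RC4 key")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def decode_checkin(b64_body: str, key: bytes) -> dict:
    """base64-decode, RC4-decrypt, then split the fields (layout assumed)."""
    try:
        raw = base64.b64decode(b64_body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("body is not valid base64") from exc
    try:
        text = rc4(key, raw).decode("ascii")
    except UnicodeDecodeError as exc:
        raise ValueError("wrong key or not a check-in") from exc
    fields = {}
    for part in text.split("|"):
        name, sep, value = part.partition(":")
        if not sep or not name.isalnum():
            raise ValueError("wrong key or unexpected field layout")
        fields[name] = value
    return fields

# Constructed sample: key, values and field layout are illustrative only.
SAMPLE_KEY = b"constructed-sample-key"
SAMPLE_PLAIN = b"bid:1|bv:2|la:3|ar:0"
SAMPLE_BODY = base64.b64encode(rc4(SAMPLE_KEY, SAMPLE_PLAIN)).decode()

if __name__ == "__main__":
    print(decode_checkin(SAMPLE_BODY, SAMPLE_KEY))
```

A wrong key surfaces as a `ValueError` rather than as garbage fields, which makes the function usable for checking candidate keys against stored traffic.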
Here is a screenshot of an Andromeda webpanel in the wild.
The index.php has been renamed to stat.php.
The stats.php asks for authentication.
The login access is stored as an MD5 hash in the config.php file:
This panel is less widespread than Smokebot, but as you can see, the Andromeda bot web panel is a great alternative to Smokebot.
More information (price, etc.) on Kafeine’s blog: http://malware.dontneedcoffee.com/2012/07/inside-andromeda-bot-v206-webpanel-aka.html