[en] Andromeda bot webpanel

Some days ago, i blog about Andromeda/Gamarue the panel Smokebot.
Today a look in the Andromeda bot webpanel.

Example of directory structure :

The panel permet to manage the bots and configure some tasks.
Also you can add plugins.


You can also Blacklist a bot :


here a task :

and here the type of task :

Of course, you can manage the tasks.
It’s possible to filter the task by country.
You have also some statistics about failure execution.

Here you can configure the panel (change access password, RC4 key etc).

Below, a network capture of the data transmission between the bot and the C&C :

The data is encryption on base64 over RC4Cryptage.
The rc4Crypt function :

Data Decryption with the rc4key stored in the config.php file :


and the arguments used to get data from the infected computers : la, bv, bid, ar etc.

Here a screenshot of a Andromeda webpanel in the wild.
The index.php has been renamed to stat.php

The stats.php ask fo an authentication

The login access is stored in md5 in the config.php file :


This panel is less present as Smokebot, but as you can see, Andromeda bot Web is a great alternative to Smokebot.

More informations (price etc)  on Kafeine’s blog : http://malware.dontneedcoffee.com/2012/07/inside-andromeda-bot-v206-webpanel-aka.html

(Visité 131 fois, 1 visites ce jour)