Reversing Andromeda-Gamarue botnet
| Reversing Andromeda-Gamarue botnet | |
|---|---|
| Botnet | Andromeda, Gamarue |
| Malware | |
| Botnet/malware group | |
| Exploit kits | |
| Services | |
| Feature | |
| Distribution vector | |
| Target | |
| Origin | |
| Campaign | |
| Operation/Working group | |
| Vulnerability | |
| C&C protocol | |
| Date | 2013 / 2013-06-07 |
| Editor/Conference | Garage 4 Hackers |
| Link | http://www.garage4hackers.com/content/154-reversing-andromeda-gamarue-botnet.html (Archive copy) |
| Author | Rashid Bhatt |
| Type | Blogpost |
Abstract
“There have been recent waves of this botnet in the wild, known as Andromeda-Gamarue. This botnet is a modular, flexible, C&C internet-controlled botnet. I recently spent some time analysing this piece of dangerous botnet. This blog will explore the insights of this botnet and how malware keeps changing its structure in order to evade automatic analysis systems and to frustrate malware analysts.
TrendMicro notified about the rise of the Gamarue botnet (https://blog.trendmicro.com/trendlab...romeda-botnet/).
This one is a modular botnet, which means it supports a plug-in interface system and can be extended. Apart from that, the main build sample provides some default features like update bot, and download-and-execute functionality. This botnet also includes some interesting evasion techniques which I will be discussing later.”
Bibtex
@misc{2013BFR1334,
  editor = {Garage 4 Hackers},
  author = {Rashid Bhatt},
  title = {Reversing Andromeda-Gamarue botnet},
  day = {07},
  month = Jun,
  year = {2013},
  howpublished = {\url{http://www.garage4hackers.com/content/154-reversing-andromeda-gamarue-botnet.html}},
}