Reversing Andromeda-Gamarue botnet

From Botnets.fr


Reversing Andromeda-Gamarue botnet
Botnet: Andromeda, Gamarue
Malware:
Botnet/malware group:
Exploit kits:
Services:
Feature:
Distribution vector:
Target:
Origin:
Campaign:
Operation/Working group:
Vulnerability:
CCProtocol:
Date: 2013 / 2013-06-07
Editor/Conference: Garage 4 Hackers
Link: http://www.garage4hackers.com/content/154-reversing-andromeda-gamarue-botnet.html (Archive copy)
Author: Rashid Bhatt
Type: Blogpost

Abstract

There have been recent waves of this botnet in the wild, known as Andromeda-Gamarue. This botnet is a modular, flexible and c2c internet-controlled botnet. I recently spent some time analysing this piece of dangerous botnet. This blog will explore the insights of this botnet and how malware keeps changing its structure in order to evade automatic analysis systems and to frustrate malware analysts.

TrendMicro reported on the rise of the Gamarue botnet (https://blog.trendmicro.com/trendlab...romeda-botnet/).

This one is a modular botnet, which means it supports a plug-in interface system and can be extended. Apart from that, the main build sample provides some default features like update bot and download-and-execute functionality. This botnet also includes some interesting evasion techniques which I will be discussing later.

Bibtex

 @misc{2013BFR1334,
   editor = {Garage 4 Hackers},
   author = {Rashid Bhatt},
   title = {Reversing Andromeda-Gamarue botnet},
   date = {07},
   month = Jun,
   year = {2013},
   howpublished = {\url{http://www.garage4hackers.com/content/154-reversing-andromeda-gamarue-botnet.html}},
 }