A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #20855  by Mad_Dud
 Tue Sep 17, 2013 4:03 pm
Hi guys.

I'm analyzing Downloader.Dromedian - https://www.symantec.com/security_respo ... 99&tabid=2

So far I don't have a sample yet, but Symantec reports several infections in the last 24 hours.

Most of the files are in the format dx*.exe. Symantec lists several C&C domains and it looks like only these three are still active:
  • infoodstuffshop.com, 69.43.161.176
  • flyshopear.ru, 95.211.172.143
  • Maidarm.ru, 46.19.137.14
Does anybody have a sample of the most recent version? Do you know how it spreads? Do you know if there are any IDS signatures, or do you know details on the method of communication to the C&C besides HTTP?

Link to VirusTotal analysis: https://www.virustotal.com/en/file/e771 ... /analysis/
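The post above lists three C&C domains with their IPs and a dx*.exe dropper filename pattern. As an added example that is not part of the original post, here is a small Python matcher that runs those indicators over proxy log lines. The log format ("timestamp client_ip method url") and the log lines themselves are constructed for the example; only the domains, IPs and the filename pattern come from the post.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the post above: the C&C domains and IPs quoted from
# Symantec's write-up, and the "dx*.exe" filename pattern. Domains are compared
# case-insensitively (DNS is case-insensitive), IPs exactly.
CNC_DOMAINS = {"infoodstuffshop.com", "flyshopear.ru", "maidarm.ru"}
CNC_IPS = {"69.43.161.176", "95.211.172.143", "46.19.137.14"}
# Basename starting with "dx" and ending in ".exe".
DROPPER_NAME = re.compile(r"^dx.*\.exe$", re.IGNORECASE)

# Constructed sample proxy log (not from the original post). Assumed format:
# "<timestamp> <client_ip> <method> <url>", one request per line.
SAMPLE_LOG = """\
2013-09-17T15:58:01Z 10.0.0.5 GET http://infoodstuffshop.com/gate.php
2013-09-17T15:58:07Z 10.0.0.5 GET http://95.211.172.143/dx1504.exe
2013-09-17T15:59:12Z 10.0.0.9 GET http://www.example.com/index.html
2013-09-17T16:00:30Z 10.0.0.7 GET http://cdn.example.net/files/dxdiag.exe
2013-09-17T16:01:02Z 10.0.0.5 GET http://MAIDARM.RU/image.php
"""


def host_matches_domain(host, domains):
    """True if host equals an indicator domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def match_indicators(url):
    """Return the indicator types the URL triggers, in a fixed order."""
    parts = urlsplit(url)
    host = parts.hostname or ""          # urlsplit lowercases the hostname
    basename = parts.path.rsplit("/", 1)[-1]
    reasons = []
    if host_matches_domain(host, CNC_DOMAINS):
        reasons.append("cnc_domain")
    if host in CNC_IPS:
        reasons.append("cnc_ip")
    if DROPPER_NAME.match(basename):
        reasons.append("dropper_name")
    return reasons


def scan_log(log):
    """Return one dict per log line that hits at least one indicator."""
    hits = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed line: skip rather than crash the scan
        timestamp, client, _method, url = fields[:4]
        reasons = match_indicators(url)
        if reasons:
            hits.append({"timestamp": timestamp, "client": client,
                         "url": url, "reasons": reasons})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        # A filename-only hit is weak evidence: dxdiag.exe is a legitimate
        # Windows tool and also matches dx*.exe. Treat it as a lead, not a verdict.
        strong = set(hit["reasons"]) & {"cnc_domain", "cnc_ip"}
        print("strong" if strong else "weak", hit["client"],
              hit["url"], ",".join(hit["reasons"]))
```

The subdomain check (`host.endswith("." + d)`) avoids matching unrelated hosts such as notflyshopear.ru, and the filename pattern is deliberately reported separately from the domain/IP hits because dx*.exe alone collides with legitimate binaries.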
 #20859  by EP_X0FF
 Wed Sep 18, 2013 5:58 am
This is Andromeda. This was even in your VT link as a comment; I have no idea why you created this request, as we have a dedicated topic full of this trash. You either do not know how to use search or just came here for "samples". Closed.