
Downloader.Dromedian

Posted: Tue Sep 17, 2013 4:03 pm
by Mad_Dud
Hi guys.

I'm analyzing Downloader.Dromedian - https://www.symantec.com/security_respo ... 99&tabid=2

So far I don't have a sample yet, but Symantec reports several infections in the last 24 hours.

Most of the files are in the format dx*.exe. Symantec lists several C&C domains and it looks like only these three are still active:
  • infoodstuffshop.com, 69.43.161.176
  • flyshopear.ru, 95.211.172.143
  • Maidarm.ru, 46.19.137.14

Does anybody have a sample of the most recent version? Do you know how it spreads? Do you know if there are any IDS signatures, or do you know details on the method of communication to the C&C besides HTTP?

Link to VirusTotal analysis: https://www.virustotal.com/en/file/e771 ... /analysis/

Re: Downloader.Dromedian

Posted: Tue Sep 17, 2013 8:04 pm
by Xylitol
In attachment.

Re: Downloader.Dromedian

Posted: Wed Sep 18, 2013 5:58 am
by EP_X0FF
This is Andromeda. This was even in your VT link as a comment; I have no idea why you created this request, as we have a dedicated topic full of this trash. You either do not know how to use search or just came here for "samples". Closed.