Backdoor Andromeda (waahoo, alias Gamarue)

Forum for analysis and discussion about malware.
dumb110
Posts: 108
Joined: Tue Jun 05, 2012 1:29 pm

Re: Backdoor Andromeda (alias Gamarue)

Post by dumb110 » Sun Jul 07, 2013 6:23 am

Thanks for the analysis EP_XOFF :)

I got those samples from a USB stick I shared with my friend, who is currently infected. Today I will probably clean his machine; I will post here if I find anything interesting.

I checked the detection of the desktop.ini file with VirusTotal and, to my surprise, Emsisoft didn't detect it but Avast did ;)

Thanks again!

rough_spear
Posts: 163
Joined: Mon Oct 18, 2010 4:46 pm
Location: India

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by rough_spear » Tue Jul 30, 2013 12:23 pm

Hi,

Gamarue dropper.

md5 - f3763d17f0a2b9a64acdceccaf4321d5

Regards,

rough_spear. ;)
You do not have the required permissions to view the files attached to this post.

rough_spear
Posts: 163
Joined: Mon Oct 18, 2010 4:46 pm
Location: India

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by rough_spear » Wed Jul 31, 2013 9:56 am

Hi,

One more Gamarue sample.

MD5 - ADA72F13FA24346C5B6704EAF8285079

VT - https://www.virustotal.com/en/file/817f ... /analysis/

Regards,

rough_spear.

TwinHeadedEagle
Posts: 72
Joined: Mon Aug 27, 2012 6:59 am

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by TwinHeadedEagle » Fri Aug 02, 2013 9:28 am

Another dropper :)

MD5 - e4f4ae24234743e3cf9b8483a06ad2bd

VT Link: https://www.virustotal.com/en/file/cc14 ... /analysis/

SomeUnusedName
Posts: 46
Joined: Fri Oct 07, 2011 1:17 pm

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by SomeUnusedName » Tue Aug 20, 2013 3:08 pm

And another researcher fell for its fake backdoor: http://joe4security.blogspot.ch/2013/08 ... wrong.html

p4r4n0id
Posts: 126
Joined: Thu Sep 22, 2011 11:36 am
Location: Israel

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by p4r4n0id » Tue Aug 20, 2013 9:09 pm

SomeUnusedName wrote: And another researcher fell for its fake backdoor: http://joe4security.blogspot.ch/2013/08 ... wrong.html

Sample attached.
Keep Low. Move Fast. Kill First. Die Last. One Shot. One Kill. No Luck. Pure Skill.
http://p4r4n0id.com/

dumb110
Posts: 108
Joined: Tue Jun 05, 2012 1:29 pm

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by dumb110 » Thu Sep 12, 2013 12:38 pm

Behaves just like the sample I posted previously.

Win32:Virut
Posts: 324
Joined: Sat Jun 02, 2012 2:22 pm

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by Win32:Virut » Tue Sep 24, 2013 1:29 pm


forty-six
Posts: 66
Joined: Tue Sep 03, 2013 3:23 pm

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by forty-six » Mon Dec 16, 2013 2:55 pm


marauder
Posts: 1
Joined: Wed Jan 22, 2014 11:14 am

Re: Backdoor Andromeda (waahoo, alias Gamarue)

Post by marauder » Tue Jan 28, 2014 8:26 pm

- Andromeda with the default key [d40e75961383124949436f37f45a8cb6], used to drop the so-called "vbclip": malware that changes the bank account number in the clipboard ;]
https://www.virustotal.com/pl/file/e812 ... /analysis/
The CNC was utilized two days ago.
