Userbased wrote: The Andromeda sample connects to ugctrust.com/image.php. No download tasks for it at the moment.

Actually, it is supposed to connect to both.
I can report only what the reproduction pcap data/memory dump shows.
I would love to see it connect to ugctrust.com, since the original report also showed it download ransomware payloads from that site. That'll be the crime evidence we're after.