Yet another Andromeda / Gamarue analysis

Some days ago I read the post about Joe Security's error when they analyzed an Andromeda sample and I also found new samples of this Trojan. Then I decided that I should write something about it. At least, just to remember some tricks of Andromeda for the next time and not starting from scratch. I'm Dory, I forget things ;)

When I analyzed this malware some months ago I thought that it was quite interesting due to the Anti-debugging and Anti-VM tricks it uses. You can also find references to the same malware with the name of Gamarue. It seems it is cool to rename the same malware with different names. Then you can find some families with three different names, like Cridex / Feodo / Bugat. Anyway, I also found these two links with very good and detailed information about analyzing Andromeda:


NFC CreditCard Reader


Language: C

Publication date: 2012-12-21

Description: Program based on readnfccc (by Renaud Lifchitz) to read some private data from credit cards, like cardholder, Permanent Account Number (PAN), expiry date, etc., using NFC technology. It has been tested with Spanish contactless credit cards, but can also be used with other countries cards. Take a look at this post (Spanish) and this video.

Requirements: libnfc (and an NFC reader, of course!)

Download it!



After installing libnfc, just compile the code:

$ gcc nfc_creditcard_reader.c -lnfc -o nfc_creditcard_reader

Place an NFC credit card close to the reader and execute it:

Syndicate content