1 min read

MiniDuke - Even Older than we Thought

Răzvan STOICA

March 02, 2013

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
MiniDuke - Even Older than we Thought

Bitdefender antimalware researchers have found yet another sample of the MiniDuke malware, only this one is dated June 20, 2011, the oldest found so far.

The malware sample is a small executable that drops and loads a .dll. The dll is a little bit different from more recent versions, it has many imports, just as if it was an ordinary program,  from kernel32.dll, user32.dll, gdi32.dll and comctl32.dll. Also, the method of computing the system fingerprint is a little different.

Interestingly, the current time/date was then fetched from tycho.usno.navy.mil/cgi-bin/timer.pl (Department of the Navy site).

There is no Google search backup way to contact command and control servers (if connecting to Twitter fails, then nothing happens). So we can see that the use of Google search technique has been introduced after 2011.

There are also new (to us) Twitter indicatives: ObamaApril and Qae9XMs. In this earlier version the malware connects to twitter.com directly, instead of via mobile.twitter.com as in 2012/2013 versions.

Surprisingly enough, the Twitter account which was used is still active. Its last and single post is from Feb 21, 2012. tweet is uri!wp07VkkxYt3Ag/bdbNgi3smPJvX7+HLEw5H6/S0RsmHKtA== and this decodes to “http://afgcall.com/demo/index.php”, another server that was probably hacked. However, no files have been found on that particular server. This is probably because the malware sample is so old that the command and control server is no longer active.

A removal tool covering all known variants (including this one) has been posted here:

[download id=”3800″]

tags


Author



Right now

Top posts

Vulnerabilities Identified in Wyze Cam IoT Device

Vulnerabilities Identified in Wyze Cam IoT Device

March 29, 2022

1 min read
New FluBot and TeaBot Global Malware Campaigns Discovered

New FluBot and TeaBot Global Malware Campaigns Discovered

January 26, 2022

10 min read
Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

Bitdefender Honeypots Signal Active Log4Shell 0-Day Attacks Underway; Patch Immediately

December 10, 2021

2 min read
Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

Bitdefender, Law Enforcement Partnership Saves REvil Victims Half a Billion in Ransom Demand

November 08, 2021

2 min read
Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

Bitdefender Offers Free Universal Decryptor for REvil/Sodinokibi Ransomware

September 16, 2021

2 min read
LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

LuminousMoth – PlugX, File Exfiltration and Persistence Revisited

July 21, 2021

9 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike New FluBot Campaign Sweeps through Europe Targeting Android and iOS Users Alike
Filip TRUȚĂRăzvan GOSAAdrian Mihai GOZOB
4 min read
New FluBot and TeaBot Global Malware Campaigns Discovered New FluBot and TeaBot Global Malware Campaigns Discovered
Bitdefender

January 26, 2022

10 min read
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
Bitdefender

January 19, 2022

2 min read