Win32/MiniDuke

Win32/MiniDuke

Post by Squirl » Wed Feb 27, 2013 4:12 pm

Hi all,

Does anybody have any of the droppers mentioned here:
http://blog.crysys.hu/2013/02/miniduke/
http://www.crysys.hu/miniduke/miniduke_ ... public.pdf

MD5s:

VT:
https://www.virustotal.com/en/file/784d ... /analysis/
https://www.virustotal.com/en/file/8a84 ... /analysis/
https://www.virustotal.com/en/file/59b6 ... /analysis/
https://www.virustotal.com/en/file/5fbe ... /analysis/
https://www.virustotal.com/en/file/da7f ... /analysis/

I'm happy to share dropped files/research if I get them.

Squirl
Squirl
 
Posts: 15
Joined: Sun Apr 03, 2011 11:48 pm
Reputation point: 14

Re: MiniDuke droppers

Post by r2nwcnydc » Wed Feb 27, 2013 6:00 pm

Here are all but c03bcb0cde62b3f45b4d772ab635e2b0
r2nwcnydc
 
Posts: 66
Joined: Mon Dec 06, 2010 3:28 pm
Reputation point: 27

Re: MiniDuke droppers

Post by r2nwcnydc » Wed Feb 27, 2013 9:17 pm

Here is c03bcb0cde62b3f45b4d772ab635e2b0
r2nwcnydc
 
Posts: 66
Joined: Mon Dec 06, 2010 3:28 pm
Reputation point: 27

MiniDuke Win32 samples

Post by kodo » Tue Mar 12, 2013 6:21 pm

Looking for any Win32 samples from the MiniDuke campaign

Kaspersky: HEUR:Backdoor.Win32.MiniDuke.gen, Symantec: Backdoor.Miniduke
https://www.virustotal.com/en/file/7815 ... /analysis/
kodo
 
Posts: 3
Joined: Sat Apr 03, 2010 7:54 am
Reputation point: 0

Re: MiniDuke Win32 samples

Post by r2nwcnydc » Tue Mar 12, 2013 6:50 pm

Here are a few
r2nwcnydc
 
Posts: 66
Joined: Mon Dec 06, 2010 3:28 pm
Reputation point: 27

CosmicDuke (aka TinyBaron, "new" Miniduke)

Post by hx1997 » Thu Jul 03, 2014 3:19 pm

Related post
viewtopic.php?f=21&t=2565&p=18362

http://www.f-secure.com/static/doc/labs ... epaper.pdf
http://www.securelist.com/en/blog/20821 ... gen_Studio

Some of the samples (see below) are attached.

Miniduke

CosmicDuke
- Exploit files

- Droppers

- Loaders

- Info-stealers (all missing)
hx1997
 
Posts: 101
Joined: Sat Apr 07, 2012 12:16 am
Reputation point: 24

Re: Win32/MiniDuke

Post by Blaze » Sat Sep 20, 2014 10:54 pm

Follow me on Twitter: @bartblaze
Blaze
 
Posts: 198
Joined: Fri Aug 27, 2010 7:35 am
Reputation point: 71

