GeminiDuke, like PinchDuke and CosmicDuke, was designed around a core information stealer component. The malware consisted of a loader, an information stealer, and numerous persistence components. The information stealer used a mutex derived from a timestamp to ensure that only one instance of the malware ran at a time. The information stealer enumerated: local user accounts; network settings; internet proxy settings; installed drivers; running processes; values of environment variables; programs that run at startup; programs previously executed by the users; programs installed in the Program Files folder; the files and folders in the users' home folder; the files and folders in the users' My Documents folder; and recently accessed files, folders, and programs. The malware employed multiple persistence components similar to those included in CosmicDuke. MiniDuke's backdoor component resembles the source code behind one of GeminiDuke's persistence modules.