Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Common Information
UUID: 9f8a42b5-ffce-4734-accb-312f22092a6b
Fingerprint: 3bd159516db08f09
Analysis status: DONE
Considered CTI value: 0
Text language:
Published: Nov. 19, 2024, 5:15 p.m.
Added to db: Nov. 19, 2024, 6:56 p.m.
Last updated: Dec. 3, 2024, 4:21 p.m.
Headline: Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Title: Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Detected Hints/Tags/Attributes: 110/3/79
RSS Feed
Id: 158
Enabled:
Feed title: Malware Analysis, News and Indicators - Latest topics
Url: https://malware.news/latest.rss
Added to db: 2024-08-30 22:08
Attributes