Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Common Information
Type Value
UUID dca48fbf-4a1f-45d2-a7ad-994b9de1517b
Fingerprint 3bd159516db08f01
Analysis status DONE
Considered CTI value 0
Text language
Published Nov. 19, 2024, 12:06 p.m.
Added to db Nov. 19, 2024, 7 p.m.
Last updated Nov. 20, 2024, 9:29 p.m.
Headline Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Title Unraveling Raspberry Robin's Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Detected Hints/Tags/Attributes 111/3/80
RSS Feed
Id Enabled Feed title Url Added to db
226 Security Boulevard https://securityboulevard.com/feed 2024-08-30 22:08
Attributes
Type #Events CTI Value
CVE 7 cve-2024-26229
CVE 3 cve-2021-31969
Url 1 https://www.zscaler.com/blogs/security-research/unraveling-raspberry-robin-s-layers-analyzing-obfuscation-techniques-and
Windows Registry Key 2 HKEY_CURRENT_USER\Software\Classes.Attempts