LEOUNCIA
Description
(FireEye) Like Vinself, Leouncia is a powerful backdoor that is designed to take complete control over the infected machine. Similar to Vinself, Leouncia also uses HTTP to carry its custom obfuscated payload. I found Leouncia’s obfuscation techniques far more sophisticated than what I found within Vinself. Moreover, Leouncia tries its best to hide its presence from signature-based sensors. It generates its HTTP communication randomly by using varying levels of system information in conjunction with Windows random number generation APIs. The result is that every instance of its C&C communication will be different from the previous one.
Names
| Name |
|---|
| LEOUNCIA |
| shoco |
Category
Malware
Type
- Reconnaissance
- Backdoor
- Info stealer
Information
- https://www.fireeye.com/blog/threat-research/2010/12/leouncia-yet-another-backdoor.html
- https://www.fireeye.com/blog/threat-research/2010/12/leouncia-yet-another-backdoor-part-2.html
- https://www.rsaconference.com/writable/presentations/file_upload/crwd-t11-hide_and_seek-how_threat_actors_respond_in_the_face_of_public_exposure.pdf
Malpedia
Other Information
Uuid
660fc052-443f-4b96-8357-06b48255b32b
Last Card Change
2020-05-14