Raspberry Robin Analysis

Raspberry Robin, a malicious downloader discovered in 2021, has been circulating for years, primarily spreading through infected USB devices. It stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods, and privilege escalation exploits. The malware uses multiple code layers, each employing various obfuscation techniques. It communicates with command-and-control servers via the TOR network and can propagate through networks. Raspberry Robin employs numerous anti-analysis and evasion methods, including CPU performance checks, Windows API manipulations, and registry modifications. It uses UAC-bypass methods and local privilege escalation exploits to elevate privileges. The malware's primary goal is to download and execute payloads on compromised hosts, collecting extensive system information before requesting the payload.