Raspberry Robin Analysis

NetmanageIT OpenCTI - opencti.netmanageit.com



SUMMARY:

Raspberry Robin, a malicious downloader discovered in 2021, has been circulating for years, primarily spreading through infected USB devices. It stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods, and privilege escalation exploits. The malware uses multiple code layers, each employing various obfuscation techniques. It communicates with command-and-control servers via the TOR network and can propagate through networks. Raspberry Robin employs numerous anti-analysis and evasion methods, including CPU performance checks, Windows API manipulations, and registry modifications. It uses UAC-bypass methods and local privilege escalation exploits to elevate privileges. The malware's primary goal is to download and execute payloads on compromised hosts, collecting extensive system information before requesting the payload.

OPENCTI LABELS:

obfuscation,tor,raspberry robin,privilege-escalation,anti-analysis,usb-spreading,network-propagation,cve-2024-26229,cve-2021-31969


Open in the NetmanageIT OpenCTI public instance with the link below.


NOTE: Use the public read-only username and password shown on the login page banner.


Raspberry Robin Analysis