Raspberry Robin and its new anti-emulation trick
Description:
An analysis of the constantly evolving evasion capabilities employed by the Raspberry Robin malware, which has emerged as a prominent threat. The report delves into the recent variant's unique anti-emulation techniques that leverage undocumented functions from the Windows Defender emulator's virtual DLLs, potentially marking the first instance of such exploitation. It highlights the malware's ability to evade detection and facilitate access for other threat actors, emphasizing the need for proactive countermeasures.
| Published | Created | Modified |
|---|---|---|
| 2024-04-08 10:52:30 | 2024-04-08 10:52:30 | 2024-04-08 11:10:50 |
Tags
Indicators
Malware:
- Fynloski
- Krademok
- DarkKomet
- Arkei Stealer
- FYNLOS
- LOBSHOT
- Pony - S0453
- DarkComet - S0334
- QuackBot
- Mars
- StealC
- Pinkslipbot
- QakBot - S0650
- Raspberry Robin
- Azorult - S0344
- QBot
- Vidar
- Raspberry Robin
External References
- https://otx.alienvault.com/pulse/6613cc6ec22d92d374f53fd4
- https://harfanglab.io/en/insidethelab/raspberry-robin-and-its-new-anti-emulation-trick/