Raspberry Robin worm drops fake malware to confuse researchers

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,151
Content source
https://www.bleepingcomputer.com/news/security/raspberry-robin-worm-drops-fake-malware-to-confuse-researchers/
The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers and evade detection when it detects it's being run within sandboxes and debugging tools.

This new tactic was discovered by Trend Micro researchers who observed Raspberry Robin in recent attacks against telecommunication service providers and government systems.

Raspberry Robin is a worm-like malware dropper that sells initial access to compromised networks to ransomware gangs and malware operators. It has been previously associated with FIN11 and the Clop gang, as well as Bumblebee, IcedID, and TrueBot payload distribution.

The malware reaches targeted systems via malicious USB drives that infect the device with malware when inserted and included .LNK file is double-clicked.

When the shortcut is executed, it abuses the legitimate 'MSIExec.exe' Windows executable to download a malicious MSI installer that installs the Raspberry Robin payloads


Typical Raspberry Robin infection chain

Typical Raspberry Robin infection chain (Trend Micro)
Click to expand...
www.bleepingcomputer.com

Raspberry Robin worm drops fake malware to confuse researchers

The Raspberry Robin malware is now trying its hand at some trickery by dropping a fake payload to confuse researchers and evade detection when it detects it's being run within sandboxes and debugging tools.
www.bleepingcomputer.com www.bleepingcomputer.com

www.trendmicro.com

Raspberry Robin Malware Targets Telecom, Governments

We found samples of the Raspberry Robin malware spreading in telecommunications and government office systems beginning September. The main payload itself is packed with more than 10 layers for obfuscation and is capable of delivering a fake payload once it detects sandboxing and security...
www.trendmicro.com www.trendmicro.com
 
  • Like
  • +Reputation
Reactions: mkoundo, vtqhtr413, upnorth and 3 others
silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,151
Financial and insurance sectors in Europe have been targeted by the Raspberry Robin worm, as the malware continues to evolve its post-exploitation capabilities while remaining under the radar.

"What is unique about the malware is that it is heavily obfuscated and highly complex to statically disassemble," Security Joes said in a new report published Monday.

The intrusions, observed against Spanish and Portuguese-speaking organizations, are notable for collecting more victim machine data than previously documented, with the malware now exhibiting sophisticated techniques to resist analysis.
Click to expand...
thehackernews.com

Raspberry Robin Worm Evolves to Attack Financial and Insurance Sectors in Europe

Raspberry Robin worm is targeting financial and insurance sectors in Europe, especially Spanish and Portuguese-speaking organizations, and has evolved
thehackernews.com thehackernews.com
 
  • Like
  • +Reputation
Reactions: Gandalf_The_Grey, upnorth, mkoundo and 1 other person
You must log in or register to reply here.

Similar threads

vtqhtr413
    • Like
    • +Reputation
Security News Raspberry Robin malware returns with early access to Windows exploits
Replies
0
Views
1,012
Security News
vtqhtr413
vtqhtr413
upnorth
    • Like
    • Wow
    • +Reputation
Windows Worm Evolved into slinging Ransomware
Replies
0
Views
500
News Archive
upnorth
upnorth
LASER_oneXM
    • Like
New Raspberry Robin worm uses Windows Installer to drop malware
Replies
0
Views
784
News Archive
LASER_oneXM
LASER_oneXM

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top