Colin Mc Hugo
Security Engineer Manager & CEO at Quantum Infinite Solutions Group Ltd.

New Evidence Links Raspberry Robin Malware to Dridex and Russian Evil Corp Hackers

September 2, 2022

Researchers have identified functional similarities between a malicious component used in the Raspberry Robin infection chain and a Dridex malware loader, further strengthening the operators' links to the Russia-based Evil Corp group.

The findings suggest that "Evil Corp is likely using Raspberry Robin infrastructure to carry out its attacks," IBM Security X-Force researcher Kevin Henson said in a Thursday analysis.

Raspberry Robin (aka QNAP Worm), first discovered by cybersecurity firm Red Canary in September 2021, has remained something of a mystery for nearly a year, partly owing to the notable absence of post-exploitation activity in the wild.

That changed in July 2022, when Microsoft disclosed that it had observed the FakeUpdates (aka SocGholish) malware being delivered via existing Raspberry Robin infections, with potential connections identified between DEV-0206 and DEV-0243 (aka Evil Corp).

The malware is known to spread from a compromised system to other devices on the target network via infected USB devices containing a malicious .LNK file. The Windows Shortcut files are designed to fetch a malicious DLL from a remote server.

"The Raspberry Robin loaders are DLLs that decode and execute an intermediate loader," Henson said. "The intermediate loader performs hook detection as an anti-analysis technique, decodes its strings at runtime, and then decodes a heavily obfuscated DLL whose purpose has not been determined."

Furthermore, IBM Security X-Force's comparative analysis of a 32-bit Raspberry Robin loader and a 64-bit Dridex loader revealed overlaps in functionality and structure, with both components incorporating similar anti-analysis code and decoding the final payload in a similar manner.

Dridex (aka Bugat or Cridex) is the work of Evil Corp and refers to a banking trojan with capabilities to steal information, deploy additional malware such as ransomware, and corral compromised Windows machines into a botnet.

To mitigate Raspberry Robin infections, it's recommended that organizations monitor USB device connections and disable the AutoRun feature in the Windows operating system settings.
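The two recommendations above (monitor USB connections, disable AutoRun) and the USB/.LNK delivery path described earlier map onto a short set of Windows administration steps. The script below is an added PowerShell example, not code from the article or from IBM X-Force: it applies the standard AutoRun policy values, lists shortcut files on attached removable drives whose target or arguments look like a script host or remote path (a heuristic assumed for this example, not a published Raspberry Robin signature), and pulls recent Plug and Play audit events. The seven-day window is also an assumption. Run it from an elevated prompt.

```powershell
# Added example (not from the article). Elevated PowerShell on Windows.
# Assumptions: the registry values in step 1 are the standard AutoRun policy
# values; event 6416 appears in the Security log only after the advanced audit
# subcategory "Plug and Play Events" has been enabled (step 3 turns it on).

# --- 1. Disable AutoRun/AutoPlay for every drive type via policy -------------
$policyKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
if (-not (Test-Path $policyKey)) { New-Item -Path $policyKey -Force | Out-Null }
# 0xFF is the bit mask covering all drive types, including removable (USB) media.
Set-ItemProperty -Path $policyKey -Name 'NoDriveTypeAutoRun' -Value 0xFF -Type DWord
# Ignore autorun.inf entirely so AutoRun cannot be re-enabled per device.
Set-ItemProperty -Path $policyKey -Name 'NoAutorun' -Value 1 -Type DWord

# --- 2. Triage .LNK files on currently attached removable drives --------------
$shell = New-Object -ComObject WScript.Shell
# Heuristic assumed for this example: a shortcut on removable media that
# launches a script host or references a remote path deserves a closer look.
$hostPattern   = 'cmd\.exe|powershell|msiexec|rundll32|regsvr32|mshta|wscript|cscript'
$remotePattern = 'https?://|\\\\'

# DriveType 2 = removable disk in Win32_LogicalDisk.
$findings = foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType = 2') {
    Get-ChildItem -Path "$($disk.DeviceID)\" -Filter *.lnk -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        # CreateShortcut on an existing .lnk reads its target and arguments.
        $lnk     = $shell.CreateShortcut($_.FullName)
        $cmdline = "$($lnk.TargetPath) $($lnk.Arguments)"
        if ($cmdline -match $hostPattern -or $cmdline -match $remotePattern) {
            [pscustomobject]@{
                Drive       = $disk.DeviceID
                Shortcut    = $_.FullName
                CommandLine = $cmdline
            }
        }
    }
}
if ($findings) { $findings | Format-Table -AutoSize } else { 'No suspicious shortcuts on removable drives.' }

# --- 3. Review recent removable-device connections ---------------------------
# Event 6416 ("A new external device was recognized by the system") is logged
# once the "Plug and Play Events" audit subcategory is enabled.
auditpol /set /subcategory:"Plug and Play Events" /success:enable | Out-Null
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 6416; StartTime = (Get-Date).AddDays(-7) } -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Message |
    Format-Table -Wrap -AutoSize
```

Step 1 is the durable control and is what the article's advice amounts to; steps 2 and 3 are triage aids, since a shortcut that fetches a DLL from a remote server still requires a user to open it once AutoRun is off, and the audit trail from event 6416 tells you which hosts saw new external devices in the window you care about.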
