Intel Name: Unraveling Raspberry Robin's layers: analyzing obfuscation techniques and core mechanisms
Date of Scan: November 21, 2024
Impact: High
Summary: Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that spreads primarily via infected USB drives. It is notable for its layered binary obfuscation, extensive anti-analysis techniques, and use of privilege escalation exploits. Multiple threat actors have been observed using it to deploy other malware families, such as Bumblebee. In the referenced blog post, Zscaler ThreatLabz provides an in-depth analysis of Raspberry Robin's execution layers, obfuscation methods, network communication, and the latest exploits it uses.