MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


RaspberryRobin


Vendor detections: 11


Intelligence 11 IOCs YARA 7 File information Comments 1
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521
SHA3-384 hash: 64cde28499ba9c5ea91be0dc5c6114e7cdbf83b8b7fa6891937c8eadcb8043d4762c4436d8f92e2e4a2aceb2e3ceeedb
SHA1 hash: 98e320cd8447d147a98317a299bb87f88557f372
MD5 hash: 2e6a3f5deb112ee2daa4e8d3daf59d16
humanhash: eleven-monkey-cardinal-seven
File name:2e6a3f5deb112ee2daa4e8d3daf59d16
Download: download sample
Signature RaspberryRobin
Create hunting rule
File size:2'020'632 bytes
First seen:2024-02-08 17:32:30 UTC
Last seen:2024-02-08 19:35:54 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash 319b1edcc4538be377f43066c635ffef (8 x RedLineStealer, 2 x njrat, 2 x 44CaliberStealer)
ssdeep 49152:ysldGDG/96tfdP1MteQ7XGeiz1H5dzyzM+BclZ:ys+G/UtfF1MfXiDd2zLe/
Threatray 45 similar samples on MalwareBazaar
TLSH T132952322BAC5C432E461093B05F45A746D3CBD114B7A8ECB23A86D5D6F206D2CB3DB67
TrID 91.0% (.EXE) WinRAR Self Extracting archive (4.x-5.x) (265042/9/39)
3.6% (.EXE) Win64 Executable (generic) (10523/12/4)
1.7% (.EXE) Win16 NE executable (generic) (5038/12/1)
1.5% (.EXE) Win32 Executable (generic) (4504/4/1)
0.6% (.EXE) OS/2 Executable (generic) (2029/13)
File icon (PE):PE icon
dhash icon 9494b494d4aeaeac (832 x DCRat, 172 x RedLineStealer, 134 x CryptOne)
Reporter zbetcheckin
Tags:32 exe RaspberryRobin

Intelligence

File Origin
# of uploads :
2
# of downloads :
327
Origin country :
FR FR
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/475470/
Detection(s):
SecuriteInfo.com.FileRepMalware.15056.19954.UNOFFICIAL
Create hunting rule

Verdict:
Malicious
Threat level:
  10/10
Confidence:
100%
Tags:
fingerprint lolbin overlay packed setupapi shdocvw shell32
Link:
https://www.filescan.io/uploads/65c5104fe8d5f6639a36aa4a/reports/47f82383-763e-4949-98b1-f5ec9cfd963c/overview
Verdict:
Malicious
Labled as:
Win/malicious_confidence_100%
Link:
https://www.hybrid-analysis.com/sample/6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521
Result
Verdict:
MALICIOUS
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Malware family:
Raspberry Robin
Create hunting rule
Verdict:
Malicious
Link:
https://analyze.intezer.com/analyses/e737b6b9-e4e9-4620-8b92-0a67ec518db6
Result
Threat name:
n/a
Detection:
malicious
Classification:
evad
Score:
60 / 100
Link:
https://www.joesandbox.com/analysis/1389345
Signature
Antivirus detection for dropped file
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes / dynamic malware analysis system (file name check)
Behaviour
Behavior Graph:
Download SVG
Score:
100%
Verdict:
Malware
File Type:
PE
Link:
https://malprob.io/report/6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521/
Threat name:
Win32.Trojan.Uztuby
Create hunting rule
Status:
Malicious
First seen:
2024-02-08 17:33:08 UTC
File Type:
PE (Exe)
Extracted files:
18
AV detection:
16 of 38 (42.11%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=n6xx4befds6kf4hflw3bsll4e5fglogoofkasvnoe2mhurzl4uqq._file
Verdict:
malicious
Similar samples:
051051dab30cc0e8d5394d9f5ad8ad0e02c7b3a06f8c59c86d0267f4221056a8
RaspberryRobin
0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf
RaspberryRobin
6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521
RaspberryRobin
9b79d7c40264cf97db295d2ba739acf377a1813c8899b819f82448a355c4b419
RaspberryRobin
e64376fdce40bf0d5677f2bc7d28fc37e7f60b95824188e71ec27e27bcec1d77
RaspberryRobin
e84cac854a439ca9097b29ead5938b3fc4f867dbc7d0c388633db9df0760edcc
RaspberryRobin
ef9824bc08faee0f6cfa5ae692a33019ab4a100c55c1bbcab9a1d2c96d274abd
RaspberryRobin
+ 35 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/240208-v4tw1agd8t/
Behaviour
Suspicious use of WriteProcessMemory
Enumerates physical storage devices
Checks computer location settings
Loads dropped DLL
Unpacked files
SH256 hash:
6372f0048ff7afa57aa7a168021b74741c1c7d612b1e9a13d9a67917ad02701f
MD5 hash:
2f61dfb6bac7f656084372ee5c5f30ef
SHA1 hash:
cd0e14c74db64250b83da7ed118dc8bf5cf3933e
Link:
https://www.unpac.me/results/c8c5a6b7-1b64-43d5-8bb4-069c75b3a94c/
SH256 hash:
6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521
MD5 hash:
2e6a3f5deb112ee2daa4e8d3daf59d16
SHA1 hash:
98e320cd8447d147a98317a299bb87f88557f372
Link:
https://www.unpac.me/results/c8c5a6b7-1b64-43d5-8bb4-069c75b3a94c/
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Malicious File
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:maldoc_find_kernel32_base_method_1
Create hunting rule
Author:Didier Stevens (https://DidierStevens.com)
Rule name:pe_no_import_table
Create hunting rule
Description:Detect pe file that no import table
Rule name:RIPEMD160_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for RIPEMD-160 constants
Rule name:SEH__vectored
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:SHA1_Constants
Create hunting rule
Author:phoul (@phoul)
Description:Look for SHA1 constants
Rule name:Windows_Trojan_RaspberryRobin_4b4d6899
Create hunting rule
Author:Elastic Security

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

RaspberryRobin

Executable exe 6faf7e04851cbca2f0e55db6192d7c274a65b8ce71540955ae26987a472be521

(this sample)

  
Delivery method
Distributed via web download
Cape
Cape
https://www.capesandbox.com/analysis/475470/

Comments


Avatar
zbet commented on 2024-02-08 17:32:31 UTC

url : hxxps://294coyolxauhqui.sbs/mix/