Malware

Malware

#malware-evasion
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
We take a deep dive into Roshtyak, the DLL backdoor payload associated with Raspberry Robin. Roshtyak is full of anti-analysis tricks. Some are well-known, and some we have never seen before. From a technical perspective, the lengths Roshtyak takes to protect itself are extremely interesting. Roshtyak belongs to one of the best-protected malware strains we have ever seen. We hope by publishing our research and analysis of the malware and its protection tricks we will help fellow researchers recognize and respond to similar tricks, and harden their analysis environments, making them more resistant to the evasion techniques described.
·decoded.avast.io·
Raspberry Robin’s Roshtyak: A Little Lesson in Trickery - Avast Threat Labs
GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs
Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs - GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executabl...
·github.com·
GitHub - optiv/Mangle: Mangle is a tool that manipulates aspects of compiled executables (.exe or DLL) to avoid detection from EDRs