General

  • Target

    fb770a3815c9ebcf1ba46b75b8f3686acc1af903de30c43bab8b86e5b46de851

  • Size

    4.7MB

  • Sample

    210712-k4cgzbmf2n

  • MD5

    f12a1c138bc56653a09076cba61d392d

  • SHA1

    f20a850162677f244aead08cceae74ecbb5dff37

  • SHA256

    fb770a3815c9ebcf1ba46b75b8f3686acc1af903de30c43bab8b86e5b46de851

  • SHA512

    814146e040c905ef10002d9f9edc3b39445aa06070f0934b6b58801eca8cc29838e84b87ab5d9cdc3883bc8cef38a0b7ac4daa0a50c4cb32010977f3d99e8488

Malware Config

Targets

    • Target

      fb770a3815c9ebcf1ba46b75b8f3686acc1af903de30c43bab8b86e5b46de851

    • biopass

      BIOPASS is a RAT associated with the Winnti group (APT41).

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 3

    Install Root Certificate (T1130): 1

  • Discovery

    Query Registry (T1012): 2

    System Information Discovery (T1082): 2

    Peripheral Device Discovery (T1120): 1

    Remote System Discovery (T1018): 1

Tasks