General
-
Target
5d7aa3474e734913ecb4b820c0c546c92f7684081c519eecd3990e11a19bf2ba
-
Size
4.8MB
-
Sample
210712-wkkvyz6vax
-
MD5
15e8a6b8e6f7497ff3b858d3bad7f0c3
-
SHA1
f672aa3a40647f3f1c724e1e6279e09332e5df18
-
SHA256
5d7aa3474e734913ecb4b820c0c546c92f7684081c519eecd3990e11a19bf2ba
-
SHA512
4857e5eaa32dca2159a25465bcb389568dc5376f79901dacd8bcc103be052e81cba2563721cf34409507b89939e2dc97ce11624e75408d6c01147db2e2635e5d
Malware Config
Targets
-
-
Target
5d7aa3474e734913ecb4b820c0c546c92f7684081c519eecd3990e11a19bf2ba
-
Size
4.8MB
-
MD5
15e8a6b8e6f7497ff3b858d3bad7f0c3
-
SHA1
f672aa3a40647f3f1c724e1e6279e09332e5df18
-
SHA256
5d7aa3474e734913ecb4b820c0c546c92f7684081c519eecd3990e11a19bf2ba
-
SHA512
4857e5eaa32dca2159a25465bcb389568dc5376f79901dacd8bcc103be052e81cba2563721cf34409507b89939e2dc97ce11624e75408d6c01147db2e2635e5d
Score10/10-
biopass
BIOPASS is a RAT connected with Winnti group (APT41).
-
family_biopass
-
Downloads MZ/PE file
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-