Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

30d9ffd4b92a4ed67569a78ceb25bb6f66346d1c0a7d6d6305e235cbdfe61ebe
Size

4MB
Sample

210712-xdmk74rq6n
MD5

0c858bb12c5eeb59a7add281fc6045be
SHA1

6517cc3d9ad5a6ffc82fce8097070684fa6a6282
SHA256

30d9ffd4b92a4ed67569a78ceb25bb6f66346d1c0a7d6d6305e235cbdfe61ebe
SHA512

096055c770e6f1e1fc1e2993fa565f17cf23b6aa67180662f95aab2adf034cc23baf687c57da74a9a8f85f27883b3f27a6d6edf02a49881b552ad858c3b7f2b6

Score

10^/10

biopass discovery persistence rat trojan

Malware Config

Targets

- Target
  
  30d9ffd4b92a4ed67569a78ceb25bb6f66346d1c0a7d6d6305e235cbdfe61ebe
- Size
  
  4MB
- MD5
  
  0c858bb12c5eeb59a7add281fc6045be
- SHA1
  
  6517cc3d9ad5a6ffc82fce8097070684fa6a6282
- SHA256
  
  30d9ffd4b92a4ed67569a78ceb25bb6f66346d1c0a7d6d6305e235cbdfe61ebe
- SHA512
  
  096055c770e6f1e1fc1e2993fa565f17cf23b6aa67180662f95aab2adf034cc23baf687c57da74a9a8f85f27883b3f27a6d6edf02a49881b552ad858c3b7f2b6
Score

10^/10

biopass rat trojan discovery persistence
- biopass
  BIOPASS is a RAT connected with Winnti group (APT41).
  rat trojan biopass
- family_biopass
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Peripheral Device Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Tasks

static1

behavioral1

biopassrattrojan

behavioral2

biopassdiscoverypersistencerattrojan