BIOPASS RAT: New Malware Sniffs Victims via Live Streaming

