BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
Threat Researcher
SHA256 | Filename | Note | Analysis