Trojan-Downloader.Win32.BioData.B
TSL ID TSL20171107-07
Severity Moderate
Description

Trojan-Downloader.Win32.BioData.B is a Trickler that targets the Windows platform. This malware has reportedly been used in a targeted attack. It arrives on the targeted system embedded in a decoy document file that exploits a vulnerability in the InPage program. The malware collects system information and sends it to a remote server. It can download and execute malicious files on the infected system. Furthermore, it adds a shortcut link in the user's Startup folder to survive system reboots.

Affected Products
  • Microsoft Windows All Versions
File Hashes
MD5:
  • FEC0CA2056D679A63CA18CB132223332
SHA1:
  • 5BF9D07D06BE22F999E2F94FD3DBCA4DD2EF0BE6
Identifiers
Kaspersky
  • TROJAN.WIN32.APOST.QR
TrendMicro
AhnLab
  • TROJAN/WIN32.APOST.C2243699
Antiy-AVL
  • TROJAN/WIN32.BIODATA
Arcabit
  • TROJAN.GENERIC.DBF3A1C
Avira
  • TR/DLDR.DELF.EOZDX
BitDefender
  • TROJAN.GENERICKD.12532252
Cyren
  • W32/TROJAN.WQDR-1683
DrWeb
  • TROJAN.DOWNLOADER25.53284
eset
  • WIN32/TROJANDOWNLOADER.DELF.SOY
Fortinet
  • W32/DELF.SOY!TR.DLDR
NANO
  • TROJAN.WIN32.APOST.EUTJWF
Qihoo-360
  • WIN32/TROJAN.8D0
Tencent
  • WIN32.TROJAN.APOST.EIBG
References https://researchcenter.paloaltonetworks.com/2017/11/unit42-recent-inpage-exploits-lead-multiple-malware-families/
Related Threats TSL20170816-02 - Trojan.Win32.Taskdespy.A