BIOLOAD

Description

(Fortinet) The loader file name is WinBio.dll (note the uppercase characters) and is placed by the attacker alongside the executable in the same folder (‘WinBioPlugIns’), thus leveraging the default DLL search order. Because the file path is under %WINDIR%, it means that in order to plant it the attacker needed to have elevated privileges on the victim’s machine such as administrator or a SYSTEM account.

Like Boostwrite, this loader was also developed in C++. It exports only a single function which is the one FaceFodUninstaller.exe imports.

Names

Name
BIOLOAD

Type

Loader

Information

https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.bioload

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:BIOLOAD

Other Information

Uuid

fa66fc13-61f7-44c0-869d-8c5f8509b1bb

Last Card Change

2021-04-24

Threat Intelligence Garden

Explorer

BIOLOAD

BIOLOAD

Description

Names

Category

Type

Information

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks