bpfdoor | cca78516c62e1b7cf3c56b665a3537dca6beb54d335c633454b325fd44c4f760 | Triage

Submit
Reports

Overview

overview

Static

static

cca78516c6...c4f760

ubuntu-18.04-amd64

Sharing

General

Target

cca78516c62e1b7cf3c56b665a3537dca6beb54d335c633454b325fd44c4f760
Size

27KB
Sample

230515-n19dysde6t
MD5

b4b92c6cd0ddfc27f38c45cbac0d0f01
SHA1

037d51686f2c5749b78a4a9ce638966aea8798a1
SHA256

cca78516c62e1b7cf3c56b665a3537dca6beb54d335c633454b325fd44c4f760
SHA512

b96173503c265547b7473b5b13822f05c38f71ebfbee78dc75f778d2e63755d26c7bd13f7207163432d38690434c873214e830a3a7217cd4d2f02975e3254b7c
SSDEEP

768:ttDPYOFMXrThYxt+2ZcMyObDRSDfPrgd0iFn79+Rt:bPYOFMXrThYxttcMyOh0iF7gR

Score

10^/10

bpfdoor backdoor linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

cca78516c62e1b7cf3c56b665a3537dca6beb54d335c633454b325fd44c4f760

Resource

ubuntu1804-amd64-20221111-en

bpfdoor backdoor

ubuntu-18.04-amd64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  cca78516c62e1b7cf3c56b665a3537dca6beb54d335c633454b325fd44c4f760
- Size
  
  27KB
- MD5
  
  b4b92c6cd0ddfc27f38c45cbac0d0f01
- SHA1
  
  037d51686f2c5749b78a4a9ce638966aea8798a1
- SHA256
  
  cca78516c62e1b7cf3c56b665a3537dca6beb54d335c633454b325fd44c4f760
- SHA512
  
  b96173503c265547b7473b5b13822f05c38f71ebfbee78dc75f778d2e63755d26c7bd13f7207163432d38690434c873214e830a3a7217cd4d2f02975e3254b7c
- SSDEEP
  
  768:ttDPYOFMXrThYxt+2ZcMyObDRSDfPrgd0iFn79+Rt:bPYOFMXrThYxttcMyOh0iF7gR
Score

10^/10

bpfdoor backdoor
- BPFDoor
  BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
  backdoor bpfdoor
- BPFDoor payload
- Reads runtime system information
  Reads data from /proc virtual filesystem.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bpfdoorbackdoor

© 2018-2024

Terms | Privacy