Overview

overview

10

Static

static

10

2e0aa3da45...db.bin

ubuntu-18.04-amd64

10

Resubmissions

06-09-2023 00:50

230906-a613wace39 10

02-06-2022 16:49

220602-vb6p4acdhn 10

18-05-2022 18:03

220518-wm78qsfbgl 5

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2e0aa3da45a0360d051359e1a038beff8551b957698f21756cfc6ed5539e4bdb.bin

  • Size

    30KB

  • Sample

    230906-a613wace39

  • MD5

    a4bbcbdb2d65d1b966943f6955c05048

  • SHA1

    68af74718f5eeb824258e69af5a23a3c0f6fb54d

  • SHA256

    2e0aa3da45a0360d051359e1a038beff8551b957698f21756cfc6ed5539e4bdb

  • SHA512

    4b5d69f3ceb9e2a9311bf08bc3b853dcddf2f33228e31dfaa3c6484dfc4057ba210c1995833bbd26eeea15496623a13e1c895e71e8094707c78ed4b6738274a6

  • SSDEEP

    384:fna1+r7+bTJta9vZxofpCjR1g/CNXyCEAFp0MyV4Eh6kSE0wyktwBZFAND7foVlX:SEPigZxiEXbFyMycctw5AIzrLFo

Score
10/10
bpfdoorbackdoorlinux

Malware Config

Targets

    • Target

      2e0aa3da45a0360d051359e1a038beff8551b957698f21756cfc6ed5539e4bdb.bin

    • Size

      30KB

    • MD5

      a4bbcbdb2d65d1b966943f6955c05048

    • SHA1

      68af74718f5eeb824258e69af5a23a3c0f6fb54d

    • SHA256

      2e0aa3da45a0360d051359e1a038beff8551b957698f21756cfc6ed5539e4bdb

    • SHA512

      4b5d69f3ceb9e2a9311bf08bc3b853dcddf2f33228e31dfaa3c6484dfc4057ba210c1995833bbd26eeea15496623a13e1c895e71e8094707c78ed4b6738274a6

    • SSDEEP

      384:fna1+r7+bTJta9vZxofpCjR1g/CNXyCEAFp0MyV4Eh6kSE0wyktwBZFAND7foVlX:SEPigZxiEXbFyMycctw5AIzrLFo

    Score
    10/10
    bpfdoorbackdoor

    • BPFDoor

      BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.

      backdoorbpfdoor

    • BPFDoor payload

    • Changes its process name

    • Creates Raw socket

      Creates a socket that captures raw packets at the device level

    • Executes dropped EXE

    behavioral1

MITRE ATT&CK Matrix

Tasks