Resubmissions

  • 06-09-2023 00:49 — 230906-a6cehsce37 (score 10)
  • 31-07-2023 12:28 — 230731-pnngdsgd4v (score 10)
  • 28-02-2021 08:09 — 210228-xd259lnnps (score 5)

General

  • Target: fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
  • Size: 28KB
  • Sample: 230906-a6cehsce37
  • MD5: 0017f7b913ce66e4d80f7e78cf830a2b
  • SHA1: f1bf775746a5c882b9ec003617b2a70cf5a5b029
  • SHA256: fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
  • SHA512: ff5dd28ba3f5ce1f85f85fa9b65f9f30fbd300f2ca238cb2713da7077b7a0a8ff094cff4d7de9381726925abdd9ea065fa75ccd02fa5a816b71a6f91479363c1
  • SSDEEP: 384:D4Vc7TIqaFxrfIyqk/MyV36nk/h0iFHCN7qvUa+BlmYJNZRR5uRh0I:D4gQAsMyOi0iFHCF3zZX5uRh0I

Score
10/10

Malware Config

Targets

    • BPFDoor: BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
    • BPFDoor payload
    • Changes its process name
    • Creates Raw socket: creates a socket that captures raw packets at the device level
    • Executes dropped EXE
