bpfdoor | fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73 | Triage

Submit
Reports

Overview

overview

Static

static

fa0defdabd...996d73

ubuntu-18.04-amd64

Resubmissions

06-09-2023 00:49

230906-a6cehsce37 10

31-07-2023 12:28

230731-pnngdsgd4v 10

28-02-2021 08:09

210228-xd259lnnps 5

Sharing

General

Target

fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
Size

28KB
Sample

230906-a6cehsce37
MD5

0017f7b913ce66e4d80f7e78cf830a2b
SHA1

f1bf775746a5c882b9ec003617b2a70cf5a5b029
SHA256

fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
SHA512

ff5dd28ba3f5ce1f85f85fa9b65f9f30fbd300f2ca238cb2713da7077b7a0a8ff094cff4d7de9381726925abdd9ea065fa75ccd02fa5a816b71a6f91479363c1
SSDEEP

384:D4Vc7TIqaFxrfIyqk/MyV36nk/h0iFHCN7qvUa+BlmYJNZRR5uRh0I:D4gQAsMyOi0iFHCF3zZX5uRh0I

Score

10^/10

bpfdoor backdoor linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73

Resource

ubuntu1804-amd64-20230831-en

bpfdoor backdoor

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
- Size
  
  28KB
- MD5
  
  0017f7b913ce66e4d80f7e78cf830a2b
- SHA1
  
  f1bf775746a5c882b9ec003617b2a70cf5a5b029
- SHA256
  
  fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73
- SHA512
  
  ff5dd28ba3f5ce1f85f85fa9b65f9f30fbd300f2ca238cb2713da7077b7a0a8ff094cff4d7de9381726925abdd9ea065fa75ccd02fa5a816b71a6f91479363c1
- SSDEEP
  
  384:D4Vc7TIqaFxrfIyqk/MyV36nk/h0iFHCN7qvUa+BlmYJNZRR5uRh0I:D4gQAsMyOi0iFHCF3zZX5uRh0I
Score

10^/10

bpfdoor backdoor
- BPFDoor
  BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
  backdoor bpfdoor
- BPFDoor payload
- Changes its process name
- Creates Raw socket
  Creates a socket that captures raw packets at the device level
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bpfdoorbackdoor

© 2018-2024

Terms | Privacy