Analysis
max time kernel: 8s
max time network: 131s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231215-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 07-02-2024 19:03
General
Target: fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7_unpacked_49
Size: 27KB
MD5: 75d389d0f987a21bf959ca222844516a
SHA1: ef03b84048193a158ecf1f7033ab0cc8869dd2a5
SHA256: b83127fbde5074247b81012553de69604365f7c4c378d8bcb54552c81ea85414
SHA512: 96189c8db80c685b56f41a39ca8c319b6306240f10795e758a9812b2923dcc0d40d01551e7127c1e2c74fc6bfb2a3512ae4856040ff01bedd9fb4f22f5dc50a2
SSDEEP: 768:BSD/o+FMXrThYxtXZZTthZbDRSDOfQEd0iFXPRPLd3:O/o+FMXrThYxtjTthZN0iFXPRPh
Malware Config
Signatures
BPFDoor payload (1 IoC)
Processes:
    resource: /run/lock/balance    yara_rule: family_bpfdoor_v1
Reads runtime system information (1 IoC)
Reads data from /proc virtual filesystem.
Processes:
    description: File opened for reading    ioc: /proc/filesystems    process: cp
Processes
[1] /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7_unpacked_49
    command line: /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7_unpacked_49
    [2] /bin/sh
        command line: sh -c "/bin/rm -f /var/lock/balance;/bin/cp /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7_unpacked_49 /var/lock/balance && /bin/chmod 755 /var/lock/balance && /var/lock/balance --init"
        [3] /bin/rm
            command line: /bin/rm -f /var/lock/balance
        [3] /bin/cp
            command line: /bin/cp /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7_unpacked_49 /var/lock/balance
            signature: Reads runtime system information
        [3] /bin/chmod
            command line: /bin/chmod 755 /var/lock/balance
        [3] /var/lock/balance
            command line: /var/lock/balance --init
Network
MITRE ATT&CK Matrix
Downloads
/run/lock/balance (written by the /bin/cp step above as /var/lock/balance; on Ubuntu /var/lock is a symlink to /run/lock, so this is the same file, and its hashes match the submitted target)
Filesize: 27KB
MD5: 75d389d0f987a21bf959ca222844516a
SHA1: ef03b84048193a158ecf1f7033ab0cc8869dd2a5
SHA256: b83127fbde5074247b81012553de69604365f7c4c378d8bcb54552c81ea85414
SHA512: 96189c8db80c685b56f41a39ca8c319b6306240f10795e758a9812b2923dcc0d40d01551e7127c1e2c74fc6bfb2a3512ae4856040ff01bedd9fb4f22f5dc50a2