bpfdoor | 3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155 | Triage

Submit
Reports

Overview

overview

Static

static

3a1b174f0c...49b155

ubuntu-18.04-amd64

Sharing

General

Target

3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155
Size

28KB
Sample

240410-mgjhrafd3s
MD5

f8236fd4066e8bfea11d6a6420cfc16a
SHA1

01c895b0c46e77fa41e0033b3beaff0fc7a01562
SHA256

3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155
SHA512

4bd5571f8392d9ec27f94e5d041f749994a9848c2cfbc062b8cf167bbbb461624061aaf8ab28d74d537deaede398747b391cf60b6180015e12c26a553911dca4
SSDEEP

768:TYt/D0oDxSPRmqbDRSDIhpP30iFN2RDiPH:Ti0oDqRmq70iFN2RDW

Score

10^/10

bpfdoor backdoor linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155

Resource

ubuntu1804-amd64-20240226-en

bpfdoor backdoor

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155
- Size
  
  28KB
- MD5
  
  f8236fd4066e8bfea11d6a6420cfc16a
- SHA1
  
  01c895b0c46e77fa41e0033b3beaff0fc7a01562
- SHA256
  
  3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155
- SHA512
  
  4bd5571f8392d9ec27f94e5d041f749994a9848c2cfbc062b8cf167bbbb461624061aaf8ab28d74d537deaede398747b391cf60b6180015e12c26a553911dca4
- SSDEEP
  
  768:TYt/D0oDxSPRmqbDRSDIhpP30iFN2RDiPH:Ti0oDqRmq70iFN2RDW
Score

10^/10

bpfdoor backdoor
- BPFDoor
  BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
  backdoor bpfdoor
- BPFDoor payload
- Changes its process name
- Creates Raw socket
  Creates a socket that captures raw packets at the device level
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bpfdoorbackdoor

© 2018-2024

Terms | Privacy