General

  • Target

    3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155

  • Size

    28KB

  • Sample

    240410-mgjhrafd3s

  • MD5

    f8236fd4066e8bfea11d6a6420cfc16a

  • SHA1

    01c895b0c46e77fa41e0033b3beaff0fc7a01562

  • SHA256

    3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155

  • SHA512

    4bd5571f8392d9ec27f94e5d041f749994a9848c2cfbc062b8cf167bbbb461624061aaf8ab28d74d537deaede398747b391cf60b6180015e12c26a553911dca4

  • SSDEEP

    768:TYt/D0oDxSPRmqbDRSDIhpP30iFN2RDiPH:Ti0oDqRmq70iFN2RDW

Score
10/10

Targets

    • BPFDoor

      BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.

    • BPFDoor payload

    • Changes its process name

    • Creates Raw socket

      Creates a socket that captures raw packets at the device level

    • Executes dropped EXE
