bpfdoor | 5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9 | Triage

Submit
Reports

Overview

overview

Static

static

5b2a079690...b28ee9

ubuntu-18.04-amd64

Sharing

General

Target

5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9
Size

22KB
Sample

240410-nakmxadf22
MD5

3a2a08c0f98389d8def6fe82fcb3cc1b
SHA1

e935bbdc493017ff6b427d194c81063125705259
SHA256

5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9
SHA512

0201fd2d00b4fb473f1fb258d684fb7f1efa0e562b25da6cedb0c41642e49b6ee046cb19cd3d516b345042c17b1ad5d2e42bf173d5f13c479dd9b9e31c46a0b7
SSDEEP

384:ymdt7D0ogvSFafTZhePAp9phtIbMCfZSDFKteGGa0b0iFD8T5YYRqc2:yYt7D0oxPm7ubDRSDUeGgb0iF/ZB

Score

10^/10

bpfdoor backdoor linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9

Resource

ubuntu1804-amd64-20240226-en

bpfdoor backdoor

ubuntu-18.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9
- Size
  
  22KB
- MD5
  
  3a2a08c0f98389d8def6fe82fcb3cc1b
- SHA1
  
  e935bbdc493017ff6b427d194c81063125705259
- SHA256
  
  5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9
- SHA512
  
  0201fd2d00b4fb473f1fb258d684fb7f1efa0e562b25da6cedb0c41642e49b6ee046cb19cd3d516b345042c17b1ad5d2e42bf173d5f13c479dd9b9e31c46a0b7
- SSDEEP
  
  384:ymdt7D0ogvSFafTZhePAp9phtIbMCfZSDFKteGGa0b0iFD8T5YYRqc2:yYt7D0oxPm7ubDRSDUeGgb0iF/ZB
Score

10^/10

bpfdoor backdoor
- BPFDoor
  BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
  backdoor bpfdoor
- BPFDoor payload
- Changes its process name
- Creates Raw socket
  Creates a socket that captures raw packets at the device level
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bpfdoorbackdoor

© 2018-2024

Terms | Privacy