General

  • Target

    5faab159397964e630c4156f8852bcc6ee46df1cdd8be2a8d3f3d8e5980f3bb3

  • Size

    24KB

  • Sample

    240410-nhd54aha3s

  • MD5

    3a270b673d47c0b69c3baf5d73010773

  • SHA1

    057b1783e8829e34e0c544c770360215fb60b7bb

  • SHA256

    5faab159397964e630c4156f8852bcc6ee46df1cdd8be2a8d3f3d8e5980f3bb3

  • SHA512

    f398cc7024ba5212bd192dfbfd81d8a3ce1fb20faef1d63b046fc2619df17cc15c907347d5fae1dab0e86493a9a690dde774df74ffbdfff9667fdb3c7e76cb78

  • SSDEEP

    384:ymdt7D0ogvSFafTZhePAp9phtIbMCfZSDFKteGGa0b0iFD8T5YYRqc2:yYt7D0oxPm7ubDRSDUeGgb0iF/ZB

Score
10/10

Malware Config

Targets

    • Target

      5faab159397964e630c4156f8852bcc6ee46df1cdd8be2a8d3f3d8e5980f3bb3

    • Size

      24KB

    • MD5

      3a270b673d47c0b69c3baf5d73010773

    • SHA1

      057b1783e8829e34e0c544c770360215fb60b7bb

    • SHA256

      5faab159397964e630c4156f8852bcc6ee46df1cdd8be2a8d3f3d8e5980f3bb3

    • SHA512

      f398cc7024ba5212bd192dfbfd81d8a3ce1fb20faef1d63b046fc2619df17cc15c907347d5fae1dab0e86493a9a690dde774df74ffbdfff9667fdb3c7e76cb78

    • SSDEEP

      384:ymdt7D0ogvSFafTZhePAp9phtIbMCfZSDFKteGGa0b0iFD8T5YYRqc2:yYt7D0oxPm7ubDRSDUeGgb0iF/ZB

    Score
    10/10
    • BPFDoor

      BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.

    • BPFDoor payload

    • Changes its process name

    • Creates Raw socket

      Creates a socket that captures raw packets at the device level

    • Executes dropped EXE

MITRE ATT&CK Matrix

Tasks