bpfdoor | 97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc | Triage

Submit
Reports

Overview

overview

Static

static

97a546c7d0...4fb8cc

ubuntu-20.04-amd64

Sharing

General

Target

97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc
Size

28KB
Sample

240410-p36aragc56
MD5

5fda35bd30be1cc21f8e933e41a88d9b
SHA1

8535c3b18a10649b94531c6d9f79750324498e5c
SHA256

97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc
SHA512

1a0f9a5a5a6d3cdf1b5d71dda8f111e8f6b6d4378d3e1fe4c7797bcea3642fced6dd7ec398b8fbe0a108a4d63d00191ff80893eeeeaebb7b637fb17e41220ec6
SSDEEP

384:kmdtqD0ogKS6afykzoSPAB5f0IbMCfZS3Fz8WdGnzv0iFXkTg3YUq8wz0H:kYtqD0ousSPSHbDRS3aWdgv0iFOUq8HH

Score

10^/10

bpfdoor backdoor linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc

Resource

ubuntu2004-amd64-20240221-en

bpfdoor backdoor

ubuntu-20.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc
- Size
  
  28KB
- MD5
  
  5fda35bd30be1cc21f8e933e41a88d9b
- SHA1
  
  8535c3b18a10649b94531c6d9f79750324498e5c
- SHA256
  
  97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc
- SHA512
  
  1a0f9a5a5a6d3cdf1b5d71dda8f111e8f6b6d4378d3e1fe4c7797bcea3642fced6dd7ec398b8fbe0a108a4d63d00191ff80893eeeeaebb7b637fb17e41220ec6
- SSDEEP
  
  384:kmdtqD0ogKS6afykzoSPAB5f0IbMCfZS3Fz8WdGnzv0iFXkTg3YUq8wz0H:kYtqD0ousSPSHbDRS3aWdgv0iFOUq8HH
Score

10^/10

bpfdoor backdoor
- BPFDoor
  BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
  backdoor bpfdoor
- BPFDoor payload
- Changes its process name
- Creates Raw socket
  Creates a socket that captures raw packets at the device level
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bpfdoorbackdoor

© 2018-2025

Terms | Privacy