bpfdoor | d68948964905af7259bca015bd1d1ab0bb54334a6f08a87a40ed9d8cc966b291 | Triage

Submit
Reports

Overview

overview

Static

static

d689489649...66b291

ubuntu-20.04-amd64

Sharing

General

Target

d68948964905af7259bca015bd1d1ab0bb54334a6f08a87a40ed9d8cc966b291
Size

27KB
Sample

240410-rqd2vaea7y
MD5

acea44892fc67223f43f4af2ec81aa83
SHA1

f79255a73611bca2e1ff159eb8be6b0aa68c2748
SHA256

d68948964905af7259bca015bd1d1ab0bb54334a6f08a87a40ed9d8cc966b291
SHA512

8291808ba9f796bf37c637a252897dda69d29c5087a277cbb4c5d4821d8953d9ebc05d5a3088a33d380ae55538d4c802cd73de5d3ee34b67ebcd236997698393
SSDEEP

768:sMUDrIR0pRIrPP6JxdSbDRSDIh7Lz0iFCDq4p:QrY0LQH+DS90iFCDp

Score

10^/10

bpfdoor backdoor linux

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d68948964905af7259bca015bd1d1ab0bb54334a6f08a87a40ed9d8cc966b291

Resource

ubuntu2004-amd64-20240221-en

bpfdoor backdoor

ubuntu-20.04-amd64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d68948964905af7259bca015bd1d1ab0bb54334a6f08a87a40ed9d8cc966b291
- Size
  
  27KB
- MD5
  
  acea44892fc67223f43f4af2ec81aa83
- SHA1
  
  f79255a73611bca2e1ff159eb8be6b0aa68c2748
- SHA256
  
  d68948964905af7259bca015bd1d1ab0bb54334a6f08a87a40ed9d8cc966b291
- SHA512
  
  8291808ba9f796bf37c637a252897dda69d29c5087a277cbb4c5d4821d8953d9ebc05d5a3088a33d380ae55538d4c802cd73de5d3ee34b67ebcd236997698393
- SSDEEP
  
  768:sMUDrIR0pRIrPP6JxdSbDRSDIh7Lz0iFCDq4p:QrY0LQH+DS90iFCDp
Score

10^/10

bpfdoor backdoor
- BPFDoor
  BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.
  backdoor bpfdoor
- BPFDoor payload
- Changes its process name
- Creates Raw socket
  Creates a socket that captures raw packets at the device level
- Executes dropped EXE
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

bpfdoorbackdoor

© 2018-2024

Terms | Privacy