Overview

overview

10

Static

static

10

fe9f3b7451...8f30a7

ubuntu-18.04-amd64

10

Analysis

  • max time kernel
    2s
  • max time network
    132s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240226-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    10-04-2024 15:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7

  • Size

    27KB

  • MD5

    de0ead0340d3294de961075acf38ff31

  • SHA1

    df8c9b3b529975f4bbddb9be072d8335885d7dfa

  • SHA256

    fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7

  • SHA512

    94f3712cf531b9a8a415531c9f8987b7695456b6ded2b34d75aad7c064eebe7b89799f8efb9d163948b91857ccead74ed26f494f4d9f50d7cb37e37f9fd56dbc

  • SSDEEP

    768:BSD/o+FMXrThYxtXZZTthZbDRSDOfQEd0iF+PRPLd3:O/o+FMXrThYxtjTthZN0iF+PRPh

Score
10/10
bpfdoorbackdoor

Malware Config

Signatures

  • BPFDoor

    BPFDoor is an evasive Linux backdoor attributed to a Chinese threat actor called Red Menshen.

    backdoorbpfdoor
  • BPFDoor payload 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7
    /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7
    1⤵
      PID:1565
      • /bin/sh
        sh -c "/bin/rm -f /var/lock/balance;/bin/cp /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7 /var/lock/balance && /bin/chmod 755 /var/lock/balance && /var/lock/balance --init"
        2⤵
          PID:1566
          • /bin/rm
            /bin/rm -f /var/lock/balance
            3⤵
              PID:1567
            • /bin/cp
              /bin/cp /tmp/fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7 /var/lock/balance
              3⤵
              • Reads runtime system information
              PID:1568
            • /bin/chmod
              /bin/chmod 755 /var/lock/balance
              3⤵
                PID:1569
              • /var/lock/balance
                /var/lock/balance --init
                3⤵
                  PID:1570

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • /run/lock/balance
              Filesize

              27KB

              MD5

              de0ead0340d3294de961075acf38ff31

              SHA1

              df8c9b3b529975f4bbddb9be072d8335885d7dfa

              SHA256

              fe9f3b7451913f184e1f53b52a03a981dcea5564633cfcb70d01bd0aec8f30a7

              SHA512

              94f3712cf531b9a8a415531c9f8987b7695456b6ded2b34d75aad7c064eebe7b89799f8efb9d163948b91857ccead74ed26f494f4d9f50d7cb37e37f9fd56dbc

              Download Submit