Source: Malware |
Virustotal: Detection: 40% |
Source: Malware |
ReversingLabs: Detection: 46% |
Source: global traffic |
TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443 |
Source: global traffic |
TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80 |
Source: global traffic |
TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 43928 -> 443 |
Source: unknown |
Network traffic detected: HTTP traffic on port 42836 -> 443 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 109.202.202.202 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.42 |
Source: Malware, type: SAMPLE |
Matched rule: APT_MAL_LNX_RedMenshen_BPFDoor_Controller_May22_3 date = 2022-05-08, hash2 = fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73, author = Florian Roth, description = Detects BPFDoor implants used by Chinese actor Red Menshen, reference = https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896, score = 144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3 |
Source: Malware, type: SAMPLE |
Matched rule: APT_MAL_LNX_RedMenshen_BPFDoor_Controller_Generic_May22_1 date = 2022-05-09, hash5 = 599ae527f10ddb4625687748b7d3734ee51673b664f2e5d0346e64f85e185683, hash4 = 591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78, hash3 = 4c5cf8f977fc7c368a8e095700a44be36c8332462c0b1e41bff03238b2bf2a2d, hash2 = 1925e3cd8a1b0bba0d297830636cdb9ebf002698c8fa71e0063581204f4e8345, author = Florian Roth, description = Detects BPFDoor malware, hash10 = 96e906128095dead57fdc9ce8688bb889166b67c9a1b8fdb93d7cff7f3836bb9, hash11 = 97a546c7d08ad34dfab74c9c8a96986c54768c592a8dae521ddcf612a84fb8cc, hash12 = c796fc66b655f6107eacbe78a37f0e8a2926f01fecebd9e68a66f0e261f91276, hash9 = 93f4262fce8c6b4f8e239c35a0679fbbbb722141b95a5f2af53a2bcafe4edd1c, hash8 = 76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925, hash7 = 5faab159397964e630c4156f8852bcc6ee46df1cdd8be2a8d3f3d8e5980f3bb3, hash6 = 5b2a079690efb5f4e0944353dd883303ffd6bab4aad1f0c88b49a76ddcb28ee9, hash17 = fd1b20ee5bd429046d3c04e9c675c41e9095bea70e0329bd32d7edd17ebaf68a, reference = https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896, score = 07ecb1f2d9ffbd20a46cd36cd06b022db3cc8e45b1ecab62cd11f9ca7a26ab6d, hash13 = c80bd1c4a796b4d3944a097e96f384c85687daeedcdcf05cc885c8c9b279b09c, hash14 = f47de978da1dbfc5e0f195745e3368d3ceef034e964817c66ba01396a1953d72, hash15 = f8a5e735d6e79eb587954a371515a82a15883cf2eda9d7ddb8938b86e714ea27, hash16 = fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73 |
Source: 6222.1.00000000517089bc.000000004d171c55.rw-.sdmp, type: MEMORY |
Matched rule: APT_MAL_LNX_RedMenshen_BPFDoor_Controller_May22_3 date = 2022-05-08, hash2 = fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73, author = Florian Roth, description = Detects BPFDoor implants used by Chinese actor Red Menshen, reference = https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896, score = 144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3 |
Source: classification engine |
Classification label: mal52.lin@0/0@0/0 |