sunburst | ad3aae8105cf7ef78404aaff42129f0f578a88de7f37804e32377fe50e407b44 | Triage

Sharing

General

Target

ad3aae8105cf7ef78404aaff42129f0f578a88de7f37804e32377fe50e407b44
Size

338KB
MD5

ec6fec5be4074a107e2dd900856e9045
SHA1

355c15d6bf6067d1ce0b289f0a362ce2b8792529
SHA256

ad3aae8105cf7ef78404aaff42129f0f578a88de7f37804e32377fe50e407b44
SHA512

6a0ea2bca6fac8d41b4cac912e4d6af31e525b971cc7bf829ddd454f9216f3c2688b9f5717ecbeb6593897997e8b21dd9a21e84048a0d8ecac6af6254df650f9

Score

10^/10

backdoor sunburst

Malware Config

Signatures

Detected SUNBURST backdoor 1 IoCs

SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.

Processes:

resource	yara_rule
static1/unpack001/SolarWinds.Orion.Core.BusinessLayer.dll	family_sunburst

Sunburst family
sunburst

Files

ad3aae8105cf7ef78404aaff42129f0f578a88de7f37804e32377fe50e407b44
.zip

Password: infected
SolarWinds.Orion.Core.BusinessLayer.dll
.dll windows x86
SolarWinds.Orion.Core.BusinessLayer.dll.sha256