Resubmissions

25-12-2020 09:37

201225-4whmk8ct5s 10

17-12-2020 17:06

201217-k49xpgzldj 10

General

  • Target

    2bfb48393e6b1bf2e660ee9710f8f8c74ab966f7aeff0ee5261e3fe18da93dc3

  • Size

    1.3MB

  • MD5

    94de8047fcacbb1d96032bd0016f440c

  • SHA1

    04e6e4f5f464d24b411a2539297dac2d50f8fcfa

  • SHA256

    2bfb48393e6b1bf2e660ee9710f8f8c74ab966f7aeff0ee5261e3fe18da93dc3

  • SHA512

    cd46aa328633c27b36a1c4fe4e39604f234122d99f3336647a06f13a9b3b8d7968edd52e146fdacfd628a15490882104a5b85904a0b67799b65fcf81ff989eaa

Malware Config

Signatures

  • Detected SUNBURST backdoor 3 IoCs

    SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.

  • Detected SUPERNOVA .NET web shell 1 IoCs

    SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web service handler. SUPERNOVA inspects and reponds to HTTP requests with the appropriate HTTP query strings, Cookies, and/or HTML form values (e.g. named codes, class, method, and args).

  • Sunburst family
  • Supernova family

Files

  • 2bfb48393e6b1bf2e660ee9710f8f8c74ab966f7aeff0ee5261e3fe18da93dc3
    .zip
  • SUNBURST/APT_Backdoor_SUNBURST/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
    .dll windows x86


  • SUNBURST/APT_Webshell_SUPERNOVA/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
    .dll windows x86