Behavioral task
behavioral1
Sample
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll
Resource
win10v20201028
General
-
Target
c5a908c65eefc6a65061da4b6d6d0ed23db83ac6b5e4e1a0b4cd763110878c2f
-
Size
3KB
-
MD5
69caf1fd6214d09a4695987eb0f291ef
-
SHA1
aa60ec36048fb9058064e668cbc1aafd5619dc30
-
SHA256
c5a908c65eefc6a65061da4b6d6d0ed23db83ac6b5e4e1a0b4cd763110878c2f
-
SHA512
94cd33f836722d68689e16c7cad5b9644e0e70ce2d8317940aa6052fb36c21daa7401210ff467f301f79cc9fbf4b9ef88ff0cce29da4d5b4c4c2251b30364e43
Malware Config
Signatures
-
Detected SUPERNOVA .NET web shell 1 IoCs
SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web service handler. SUPERNOVA inspects and responds to HTTP requests with the appropriate HTTP query strings, cookies, and/or HTML form values (e.g. named codes, class, method, and args).
resource yara_rule static1/unpack001/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71 family_supernova -
Supernova family
Files
-
c5a908c65eefc6a65061da4b6d6d0ed23db83ac6b5e4e1a0b4cd763110878c2f.zip
Password: infected
-
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll windows x86