Behavioral task
behavioral1
Sample
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll
Resource
win7v20201028
Behavioral task
behavioral2
Sample
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll
Resource
win10v20201028
General
Target
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
Size
7KB
MD5
56ceb6d0011d87b6e4d7023d7ef85676
SHA1
75af292f34789a1c782ea36c7127bf6106f595e8
SHA256
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
SHA512
f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629
Malware Config
Signatures
Detected SUPERNOVA .NET web shell 1 IoCs
SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web service handler. SUPERNOVA inspects and responds to HTTP requests with the appropriate HTTP query strings, cookies, and/or HTML form values (e.g. named codes, class, method, and args).
resource yara_rule sample family_supernova -
Supernova family
Files
c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll windows x86