Overview

overview

10

Static

static

10

SUNBURST/A...34.dll

windows7_x64

1

SUNBURST/A...34.dll

windows10_x64

1

SUNBURST/A...77.dll

windows7_x64

1

SUNBURST/A...77.dll

windows10_x64

SUNBURST/A...bc.dll

windows7_x64

1

SUNBURST/A...bc.dll

windows10_x64

1

SUNBURST/A...d6.dll

windows7_x64

1

SUNBURST/A...d6.dll

windows10_x64

1

SUNBURST/A...af.dll

windows7_x64

1

SUNBURST/A...af.dll

windows10_x64

1

SUNBURST/A...8d.dll

windows7_x64

1

SUNBURST/A...8d.dll

windows10_x64

1

SUNBURST/A...71.dll

windows7_x64

1

SUNBURST/A...71.dll

windows10_x64

1

SUNBURST/F...ad.dll

windows7_x64

1

SUNBURST/F...ad.dll

windows10_x64

1

SUNBURST/F...e5.dll

windows7_x64

1

SUNBURST/F...e5.dll

windows10_x64

1

SUNBURST/F...6d.exe

windows7_x64

1

SUNBURST/F...6d.exe

windows10_x64

1

SUNBURST/F...91.exe

windows7_x64

1

SUNBURST/F...91.exe

windows10_x64

1

SUNBURST/F...0c.dll

windows7_x64

1

SUNBURST/F...0c.dll

windows10_x64

3

SUNBURST/F...d9.dll

windows7_x64

8

SUNBURST/F...d9.dll

windows10_x64

8

SUNBURST/F...a6.exe

windows7_x64

3

SUNBURST/F...a6.exe

windows10_x64

3

SUNBURST/F...65.exe

windows7_x64

1

SUNBURST/F...65.exe

windows10_x64

1

SUNBURST/F...40.exe

windows7_x64

1

SUNBURST/F...40.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DarkHalo.zip

  • Size

    253.2MB

  • MD5

    b663a67d0ad56dd74bf241c8ff019ea3

  • SHA1

    5f0c2f900b2b6384a3bcdfd52a8d7456c7cc61f3

  • SHA256

    f9cf0fafb332a52c2d95e3d18ad6b0f3d7836166fb105cb38970bec2bddd1daa

  • SHA512

    12e5a89ddc2894643c08f0991034518104da96ba3e80f4f0b74e1be0d5ebdbaa07c95f5c1cee8cd7a2e8ab7554969db661272559ffd43aba862ed9e0e32d88db

Score
10/10
backdoordroppersunburstteardropsupernova

Malware Config

Signatures

  • Detected SUNBURST backdoor 3 IoCs

    SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.

    backdoor
  • Detected SUPERNOVA .NET web shell 1 IoCs

    SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web service handler. SUPERNOVA inspects and reponds to HTTP requests with the appropriate HTTP query strings, Cookies, and/or HTML form values (e.g. named codes, class, method, and args).

    backdoor
  • Detected TEARDROP fileless dropper 4 IoCs

    TEARDROP is a memory-only dropper which can read files/registry keys, decode an embedded payload, and load it directly into memory.

    dropperbackdoor
  • Sunburst family
    sunburst
  • Supernova family
    supernova
  • Teardrop family
    teardrop
  • JavaScript code in executable 3 IoCs

Files

  • DarkHalo.zip
    .zip

    Password: infected

  • SUNBURST/APT_Backdoor_SUNBURST/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
    .dll windows x86


  • SUNBURST/APT_Backdoor_SUNBURST/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af
    .dll windows x86


  • SUNBURST/APT_Dropper_Win64_TEARDROP/6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d
    .dll windows x64


  • SUNBURST/APT_Webshell_SUPERNOVA/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
    .dll windows x86


  • SUNBURST/FalsePositives/0201b92d3d877df4de0d109ce6f3d647cfde3ab9d881f8cddc10d4bb8e5f21ad
    .dll windows x86


    Exports

  • SUNBURST/FalsePositives/191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5
    .dll windows x86


    Exports

  • SUNBURST/FalsePositives/e8593c908f6ac1656d5261073be7df756b5dd5dd428742c090e2c0ad983df56d
    .exe windows x86


  • SUNBURST/FireEyeTools/0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891
    .exe windows x86


  • SUNBURST/FireEyeTools/078403b4e89ff06d2fe2ed7e75428a381f83ffb708dbd01b0220767498947f0c
    .dll windows x86 regsvr32


    Exports

  • SUNBURST/FireEyeTools/1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9
    .dll windows x64


    Exports

  • SUNBURST/FireEyeTools/82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6
    .exe windows x64


  • SUNBURST/FireEyeTools/a022820a62198fa3e3b89749b38db1cc3a09136524682fb99a3ce36652725065
    .exe windows x86
  • SUNBURST/FireEyeTools/b6ef03aec5d10e371f0b06c661036d838ef55fa7dc75cf91fca3622bdefa8140
    .exe windows x86


  • SUNBURST/FireEyeTools/c0621954bd329b5cabe45e92b31053627c27fa40853beb2cce2734fa677ffd93
    .exe windows x86


  • SUNBURST/FireEyeTools/efb533249f71ea6ebfb6418bb67c94e8fbd5f2a26cbd82ef8ec1d30c0c90c6c1
    .dll windows x64


    Exports

  • SUNBURST/NcmInstaller.msi
    .msi
  • SUNBURST/SolarWinds-Core-v2019.4.5220-Hotfix5.msp