Behavioral task: behavioral1
Sample: 1c96021ac8cb52173e762f6b008fb4c6e5ef113e6baa4e2cf4848e88c61d9700.dll
Resource: win7v20201028

Behavioral task: behavioral2
Sample: 1c96021ac8cb52173e762f6b008fb4c6e5ef113e6baa4e2cf4848e88c61d9700.dll
Resource: win10v20201028
General
Target: 1c96021ac8cb52173e762f6b008fb4c6e5ef113e6baa4e2cf4848e88c61d9700
Size: 9KB
MD5: 88c03a1ffc753b4d4f198f9784802b33
SHA1: 3c967660dedc209798f56c79bd8f09dcc70aa123
SHA256: 1c96021ac8cb52173e762f6b008fb4c6e5ef113e6baa4e2cf4848e88c61d9700
SHA512: 45d627027a06b5646982ea93c6ca90d4f8f460e94e7c34671572abf82003acbb57313fc9ebfcd0aa4765863005138f4604a7efb4432586fb1852ab8d47494105
Malware Config
Signatures
Detected SUPERNOVA .NET web shell (1 IoCs)
SUPERNOVA is a .NET web shell backdoor masquerading as a legitimate SolarWinds web service handler. SUPERNOVA inspects and responds to HTTP requests with the appropriate HTTP query strings, cookies, and/or HTML form values (e.g. named codes, class, method, and args).
resource yara_rule sample family_supernova -
Supernova family
Files
1c96021ac8cb52173e762f6b008fb4c6e5ef113e6baa4e2cf4848e88c61d9700.dll windows x86