sunburst | dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b

Sharing

Copy URL

Twitter E-mail

General

Target

dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b
Size

1003KB
MD5

731d724e8859ef063c03a8b1ab7f81ec
SHA1

1acf3108bf1e376c8848fbb25dc87424f2c2a39c
SHA256

dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b
SHA512

758e1ca443288ea016b08af27c50a6ec9cedd99edae7e0806c4ff570f9e352e62959bb2c6d7d0b1df170f3bb3e1cd9418046044e68d31a5c800d8500f315464e
SSDEEP

12288:7JKoHwfn/jz3bbO4Qag2I977MieSLwCFKT+OYvjenWHuhh9c0g8vkzo19wp:FEfDbO9778tEKDYbenWH4c0g8vkzo19g

Score

10^/10

backdoor sunburst

Malware Config

Signatures

Detected SUNBURST backdoor 1 IoCs
SUNBURST is a backdoor for the SolarWinds Orion platform with extensive capabilities.
backdoor

Processes:

resource yara_rule

sample family_sunburst
Sunburst family
sunburst

resource	yara_rule
sample	family_sunburst

Files

dab758bf98d9b36fa057a66cd0284737abf89857b73ca89280267ee7caf62f3b
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

21-01-2020 00:00

Not After

20-01-2023 23:59

Subject

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:3f:a4:ea:85:76:fa:25:92:8a:ac:05:ed:43:c2:5a:eb:fe:8b:80:d0:60:09:56:25:84:b1:3e:48:c0:dc:20
Signer

Actual PE Digest

19:3f:a4:ea:85:76:fa:25:92:8a:ac:05:ed:43:c2:5a:eb:fe:8b:80:d0:60:09:56:25:84:b1:3e:48:c0:dc:20

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Solarwinds Worldwide\, LLC,O=Solarwinds Worldwide\, LLC,L=Austin,ST=Texas,C=US

24-03-2020 03:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 994KB - Virtual size: 994KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dae02f32a21e03ce65412f6e56942daa

Code Sign

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:edCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

19:3f:a4:ea:85:76:fa:25:92:8a:ac:05:ed:43:c2:5a:eb:fe:8b:80:d0:60:09:56:25:84:b1:3e:48:c0:dc:20Signer

Signature Validations

Verification

24-03-2020 03:01 Valid: false

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 994KB - Virtual size: 994KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

0f:e9:73:75:20:22:a6:06:ad:f2:a3:6e:34:5d:c0:ed
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

19:3f:a4:ea:85:76:fa:25:92:8a:ac:05:ed:43:c2:5a:eb:fe:8b:80:d0:60:09:56:25:84:b1:3e:48:c0:dc:20
Signer

24-03-2020 03:01
Valid: false

.text
Size: 994KB - Virtual size: 994KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B