Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

2020-12-13 SUNBURST SolarWinds Backdoor samples

published on 2020-12-14 14:47:00 UTC by Mila
Content:

 


Reference

I am sure you all saw the news.


 
Well, here are the Sunburst binaries. 
Here is a Sunburst malware analysis walk-through video by Colin Hardy


Download

             Other malware


 



Hashes




SolarWinds.Orion.Core.BusinessLayer.dll


32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77
019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134
a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc
ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6
d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af

Trojan:MSIL/Solorigate.B!dha
A Variant Of MSIL/SunBurst.A


This is the compromised installer file ( was still on Solarwinds update downloads  on Dec 14, 2020

File size 419.76 MB
CoreInstaller.msi


ad2fbf4add71f61173975989d1a18395afb8538ed889012b9d2e21c19e98bbd1

2020-04-21 17:31:02
SolarWinds Orion Core Services 2020.2
{77E2D294-3D5C-4D93-ADF1-884CCEAD93B0}
File Version Information
Date signed 05:32 PM 04/21/2020
Signers
Solarwinds Worldwide, LLC
Symantec Class 3 SHA256 Code Signing CA
VeriSign
VT - 0 (Dec 14, 2020)

If you unzip, check 

SolarWinds.Orion.Core.BusinessLayer.dll under OrionCore







Article: 2020-12-13 SUNBURST SolarWinds Backdoor samples - published almost 4 years ago.

http://contagiodump.blogspot.com/2020/12/2020-12-13-sunburst-solarwinds-backdoor.html   
Published: 2020 12 14 14:47:00
Received: 2021 06 06 09:04:40
Feed: contagio
Source: contagio
Category: Cyber Security
Topic: Cyber Security
Views: 7

Custom HTML Block

Click to Open Code Editor