Published Dec 13, 2020 | Updated Dec 15, 2020

Trojan:MSIL/Solorigate.B!dha

Detected by Microsoft Defender Antivirus

Aliases: No associated aliases

Summary

This threat can allow sophisticated remote attackers to gain access to an affected device and run backdoor commands on it. It is a modified DLL component of legitimate software.

Attackers use this threat to gain initial access to a device. When the related software is opened, this modified DLL is loaded and connects to command-and-control servers to listen for commands and get additional payloads.

Microsoft Defender Antivirus detects this threat. It raises an alert when it detects the threat on your device, but it doesn't automatically remediate it, so as not to disrupt the legitimate software the DLL belongs to. If this threat is detected in your environment, we recommend that you immediately investigate and manually remediate it.

To help reduce the impact of this threat, you can:

  • Immediately isolate the affected device. If malicious code has been launched, it is likely that the device is under complete attacker control.
  • Identify the accounts that have been used on the affected device and consider these accounts compromised. Reset passwords or decommission the accounts.
  • Investigate how the affected endpoint might have been compromised. Check web and email traffic to determine how the malware arrived.
  • Investigate the device timeline for indications of lateral movement activities using one of the compromised accounts. Check for additional tools that attackers might have dropped to enable credential access, lateral movement, and other attack activities.
