Starloader

Starloader is a loader component that has been observed loading Felismus and associated tools. [1]

ID: S0188
Type: MALWARE
Platforms: Windows
Contributors: Alan Neville, @abnev
Version: 1.1
Created: 16 January 2018
Last Modified: 18 March 2020

Techniques Used

Domain ID Name Use
Enterprise T1140 Deobfuscate/Decode Files or Information

Starloader decrypts and executes shellcode from a file called Stars.jps.[1]

Enterprise T1036 .005 Masquerading: Match Legitimate Name or Location

Starloader has masqueraded as legitimate software update packages such as Adobe Acrobat Reader and Intel.[1]

Groups That Use This Software

ID Name References
G0054 Sowbug

[1]

References