Starloader

Starloader is a loader component that has been observed loading Felismus and associated tools. [1]

ID: S0188
Type: MALWARE
Platforms: Windows
Contributors: Alan Neville, @abnev
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1140 Deobfuscate/Decode Files or Information Starloader decrypts and executes shellcode from a file called Stars.jps.[1]
Enterprise T1036 Masquerading Starloader has masqueraded as legitimate software update packages such as Adobe Acrobat Reader and Intel.[1]

Groups

Groups that use this software:

Sowbug

References