Starloader

Starloader is a loader component that has been observed loading Felismus and associated tools. [1]

ID: S0188
Type: MALWARE
Platforms: Windows
Contributors: Alan Neville, @abnev
Version: 1.0

Techniques Used

Domain ID Name Use
Enterprise T1140 Deobfuscate/Decode Files or Information

Starloader decrypts and executes shellcode from a file called Stars.jps.[1]

Enterprise T1036 Masquerading

Starloader has masqueraded as legitimate software update packages such as Adobe Acrobat Reader and Intel.[1]

Groups That Use This Software

ID Name References
G0054 Sowbug [1]

References