Starloader

Starloader is a loader component that has been observed loading Felismus and associated tools. [1]

ID: S0188
Aliases: Starloader
Type: MALWARE
Contributors: Alan Neville, @abnev

Platforms: Windows

Version: 1.0

Alias Descriptions

| Name | Description |
| --- | --- |
| Starloader | [1] |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Enterprise | T1140 | Deobfuscate/Decode Files or Information | Starloader decrypts and executes shellcode from a file called Stars.jps.[1] |
| Enterprise | T1036 | Masquerading | Starloader has masqueraded as legitimate software update packages such as Adobe Acrobat Reader and Intel.[1] |

Groups

Groups that use this software:

Sowbug

References