SharpStage

Description

(Cybereason) The dropper downloaded from the SharpStage C2 has several backdoor capabilities including implementation of a Dropbox client API along with a check for the presence of the Arabic language in order to execute only on desired targets and to evade sandbox detection, as the default language setting is usually English. Prior to the language check, the backdoor automatically captures the screen and saves the image in the %temp% folder.

Names

Name
SharpStage

Category

Malware

Type

  • Backdoor
  • Info stealer
  • Downloader

Information

MITRE ATT&CK

Malpedia

Other Information

UUID

ee189bfb-8bcc-45eb-bb38-ff8fe5da63c1

Last Card Change

2022-12-30