Tool: SharpStage| Names | SharpStage | |
| Category | Malware | |
| Type | Backdoor, Info stealer, Downloader | |
| Description | (Cybereason) The dropper downloaded from the SharpStage C2 has several backdoor capabilities including implementation of a Dropbox client API along with a check for the presence of the Arabic language in order to execute only on desired targets and to evade sandbox detection, as the default language setting is usually English. Prior to the language check, the backdoor automatically captures the screen and saves the image in the %temp% folder. | |
| Information | <https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf> | |
| Malpedia | <https://malpedia.caad.fkie.fraunhofer.de/details/win.sharpstage> | |
Last change to this tool card: 24 April 2021
Download this tool card in JSON format
| Changed | Name | Country | Observed | ||
APT groups | |||||
 | Molerats, Extreme Jackal, Gaza Cybergang | [Gaza] | 2012-Apr 2021  | ||
1 group listed (1 APT, 0 other, 0 unknown)
|
Thailand Computer Emergency Response Team (ThaiCERT) Follow us on
|
Report incidents |
|
 |
+66 (0)2-123-1234 | |
 |
report@thaicert.or.th | |
 |
Download PGP key | |