SharpStage is .NET malware with backdoor capabilities. Its name derives from its main activity class, “Stage_One”. SharpStage can take screenshots, run arbitrary commands, and download additional payloads. It exfiltrates data from the infected machine to a Dropbox account by implementing a Dropbox client in its code. SharpStage has been seen in use by the Molerats group in targeted attacks in the Middle East.
2021-07-06 ⋅ 0ffset Blog
New TA402/MOLERATS Malware – Decrypting .NET Reactor Strings
2020-12-09 ⋅ Cybereason
New Malware Arsenal Abusing Cloud Platforms in Middle East Espionage Campaign
DropBook MoleNet Quasar RAT SharpStage Spark
There is no Yara-Signature yet.