
Trojan:Win32/PhantomStar.A!dha


First posted on 15 December 2017.
Source: Microsoft

Aliases:

There are no other names known for Trojan:Win32/PhantomStar.A!dha.

Explanation:

Installation
This threat is commonly installed through fake self-extracting RARs. It can create the following installation file on your PC: %localappdata%\Java\bin\jdk1.8.0_73\javafxpackager.exe



Payload

Allows backdoor access and control

This threat can give a malicious hacker access and control of your PC. They can then perform a number of different actions, such as:

  • Downloading and uploading files
  • Enumerating running processes
  • Executing arbitrary commands
  • Gathering system information such as IP address and computer name


The list of running processes is sent to the C2 servers. All C2 communication takes place over Transport Layer Security (TLS).



Connects to a remote host

We have seen this threat connect to a remote host, including the following C2 servers:
  • 58.185.197.210:443
  • 84.92.36.96:443
  • 184.74.243.67:443
  • 203.69.210.247:443




This malware description was published using the analysis of file SHA1 ea597191c3d0c9a647743b747bdcaf1c5d56ca77.
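The indicators on this page (the drop path under %localappdata%, the four C2 endpoints and the analysed sample's SHA1) as a small detection check; this is an added example, not part of Microsoft's description, and the log record format and file list it runs over are constructed assumptions:

```python
"""Added detection helper for the indicators on this page (not Microsoft's code).
Assumed log format (constructed): "timestamp host src_ip dst_ip:port" per line.
"""
import hashlib

# Indicators taken from the page.
C2_SERVERS = {
    ("58.185.197.210", 443),
    ("84.92.36.96", 443),
    ("184.74.243.67", 443),
    ("203.69.210.247", 443),
}
INSTALL_PATH_SUFFIX = r"\Java\bin\jdk1.8.0_73\javafxpackager.exe".lower()
SAMPLE_SHA1 = "ea597191c3d0c9a647743b747bdcaf1c5d56ca77"


def c2_hits(log_lines):
    """Return (line_no, dst_ip, port) for each connection to a listed C2 endpoint."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        fields = line.split()
        if len(fields) < 4 or ":" not in fields[3]:
            continue  # malformed or non-connection record
        ip, _, port = fields[3].rpartition(":")
        if port.isdigit() and (ip, int(port)) in C2_SERVERS:
            hits.append((n, ip, int(port)))
    return hits


def suspicious_paths(paths):
    """Paths ending in the drop location the page lists (case-insensitive)."""
    return [p for p in paths if p.lower().endswith(INSTALL_PATH_SUFFIX)]


def matches_sample(data: bytes) -> bool:
    """True if the bytes hash to the SHA1 this description was based on."""
    return hashlib.sha1(data).hexdigest() == SAMPLE_SHA1


# Constructed sample input: one benign destination and one C2 IP on a non-listed port.
LOGS = [
    "2017-12-15T10:00:01Z ws01 10.0.0.5 203.69.210.247:443",
    "2017-12-15T10:00:02Z ws01 10.0.0.5 93.184.216.34:443",
    "2017-12-15T10:00:03Z ws02 10.0.0.9 84.92.36.96:8443",
    "2017-12-15T10:00:04Z ws03 10.0.0.7 58.185.197.210:443",
]
PATHS = [
    r"C:\Users\alice\AppData\Local\Java\bin\jdk1.8.0_73\javafxpackager.exe",
    r"C:\Program Files\Java\jdk1.8.0_73\bin\javafxpackager.exe",
]
```

Only exact ip:port pairs from the page are matched, so a listed IP on another port is not flagged; widen the match deliberately if your environment warrants it.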

Last update 15 December 2017
