Trojan:Win32/PhantomStar.A!dha
First posted on 15 December 2017.
Source: Microsoft
Aliases:
There are no other names known for Trojan:Win32/PhantomStar.A!dha.
Explanation:
Installation
This threat is commonly installed through fake self-extracting RAR archives. It can create the following installation file on your PC: %localappdata%\Java\bin\jdk1.8.0_73\javafxpackager.exe
The file name and folder imitate a Java JDK installation (javafxpackager.exe is a real JDK 8 tool), but a genuine JDK lives under Program Files and puts jdk1.8.0_xx above bin, not below it; a copy under the per-user %localappdata% folder in this layout is a useful hunting indicator.
Payload
Allows backdoor access and control
This threat can give a malicious hacker access to and control of your PC. They can then perform a number of actions, such as:
- Downloading and uploading files
- Enumerating running processes
- Executing arbitrary commands
- Gathering system information such as IP address and computer name
The list of running processes is sent to the C2 servers. All C2 communication takes place over Transport Layer Security (TLS), so network detection has to rely on the destination IP addresses and port below rather than on inspecting the traffic content.
Connects to a remote host
We have seen this threat connect to remote hosts, including the following C2 servers:
- 58.185.197.210:443
- 84.92.36.96:443
- 184.74.243.67:443
- 203.69.210.247:443
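A small triage script for hunting the indicators above in endpoint telemetry, added here as an illustration; it is not Microsoft's code and not part of the original entry. It assumes key=value event lines in the style of a file-create / network-connect / process-create log; the five sample lines are constructed for this example (one uses the genuine JDK path as a negative case), and the install path is matched for any user profile because %localappdata% expands to C:\Users\<user>\AppData\Local.

```python
import re

# Indicators taken from the entry above.
INSTALL_PATH_SUFFIX = r"\Java\bin\jdk1.8.0_73\javafxpackager.exe"
C2_ENDPOINTS = {
    ("58.185.197.210", 443),
    ("84.92.36.96", 443),
    ("184.74.243.67", 443),
    ("203.69.210.247", 443),
}
SAMPLE_SHA1 = "ea597191c3d0c9a647743b747bdcaf1c5d56ca77"

# %localappdata% resolves to <drive>:\Users\<user>\AppData\Local, so accept any
# drive letter and user name in front of the fixed suffix (case-insensitive).
LOCALAPPDATA_RE = re.compile(
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local"
    + re.escape(INSTALL_PATH_SUFFIX.lower())
    + r"$"
)
# Sysmon-style "Hashes=SHA1=<hex>" field.
SHA1_RE = re.compile(r"SHA1=([0-9a-fA-F]{40})")
# key=value pairs whose values may contain spaces (e.g. "Program Files").
KV_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed sample telemetry for this example (assumed log format, not real data).
EVENT_LINES = [
    r"EventID=11 Image=C:\Users\alice\Downloads\setup.exe TargetFilename=C:\Users\alice\AppData\Local\Java\bin\jdk1.8.0_73\javafxpackager.exe",
    r"EventID=3 Image=C:\Users\alice\AppData\Local\Java\bin\jdk1.8.0_73\javafxpackager.exe DestinationIp=58.185.197.210 DestinationPort=443",
    r"EventID=3 Image=C:\Program Files\Mozilla Firefox\firefox.exe DestinationIp=93.184.216.34 DestinationPort=443",
    r"EventID=11 Image=C:\Program Files\Java\jdk1.8.0_73\bin\javafxpackager.exe TargetFilename=C:\Users\alice\app.jar",
    r"EventID=1 Image=C:\Users\bob\AppData\Local\Java\bin\jdk1.8.0_73\javafxpackager.exe Hashes=SHA1=ea597191c3d0c9a647743b747bdcaf1c5d56ca77",
]


def is_install_path(path):
    """True if path is the PhantomStar drop location under any user's %localappdata%."""
    return bool(LOCALAPPDATA_RE.match(path.strip().lower()))


def parse_event(line):
    """Split one key=value log line into a dict."""
    return dict(KV_RE.findall(line))


def match_indicators(event):
    """Return a list of indicator names that an event matches (empty if none)."""
    hits = []
    for key in ("Image", "TargetFilename"):
        if key in event and is_install_path(event[key]):
            hits.append("install path in " + key)
    ip, port = event.get("DestinationIp"), event.get("DestinationPort")
    if ip and port and port.isdigit() and (ip, int(port)) in C2_ENDPOINTS:
        hits.append("C2 endpoint %s:%s" % (ip, port))
    m = SHA1_RE.search(event.get("Hashes", ""))
    if m and m.group(1).lower() == SAMPLE_SHA1:
        hits.append("sample SHA1")
    return hits


def scan(lines):
    """Return (1-based line number, hits) for every line that matches an indicator."""
    findings = []
    for n, line in enumerate(lines, 1):
        hits = match_indicators(parse_event(line))
        if hits:
            findings.append((n, hits))
    return findings


if __name__ == "__main__":
    for n, hits in scan(EVENT_LINES):
        print("line %d: %s" % (n, ", ".join(hits)))
```

The SHA1 identifies only the sample Microsoft analysed; other builds of the same family will hash differently, so treat the drop path and the C2 endpoints as the longer-lived indicators, and expect the TLS traffic itself to be opaque.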
This malware description was published using the analysis of file SHA1 ea597191c3d0c9a647743b747bdcaf1c5d56ca77.
Last update 15 December 2017