SharpStage is a new, recently discovered backdoor used by the Molerats threat actor. It allows an attacker to gain unauthorized access to a compromised system and perform various malicious activities, such as stealing sensitive data or downloading other malware. SharpStage is written in .NET and depends on a traditional command and control (C2) server.
Along with SharpStage, the Molerats threat actor used another backdoor called DropBook, which works in conjunction with SharpStage to download additional malware from attacker-controlled Dropbox storage. MoleNet, a previously undocumented malware downloader, was also used in recent operations.
One of the notable features of SharpStage is its integration with the Dropbox API, which allows for easy data download and exfiltration. However, unlike DropBook, SharpStage relies on a C2 server for communication with the attacker. The discovery of SharpStage highlights the ongoing threat of sophisticated malware attacks and the importance of implementing robust security measures to protect against them.
Description last updated: 2023-06-23T15:26:08.349Z