KasperAgent

Description

(Palo Alto) KASPERAGENT is developed in Microsoft Visual C++ and attempts to disguise itself as a product that does not exist: “Adobe Cinema Video Player”. The malware first establishes persistence using the classic method of adding a Run key, using the value “MediaSystem”.

The malware connects to a C2 server hosted on www.mailsinfo[.]net. The C2 server string in the binary is “obfuscated” in the most basic of senses, with the author adding ‘@’ characters between letters and splitting the starting “www.m” to another string.

Names

Name
KasperAgent

Category

Malware

Type

  • Backdoor

Information

Malpedia

AlienVault OTX

Other Information

Uuid

0dd10463-768e-4b4e-b473-845cfe285f13

Last Card Change

2020-05-14