KasperAgent
Description
(Palo Alto) KASPERAGENT is developed in Microsoft Visual C++ and attempts to disguise itself as a product that does not exist: “Adobe Cinema Video Player”. The malware first establishes persistence using the classic method of adding a Run key, using the value “MediaSystem”.
The malware connects to a C2 server hosted on www.mailsinfo[.]net. The C2 server string in the binary is “obfuscated” in the most basic of senses, with the author adding ‘@’ characters between letters and splitting the starting “www.m” to another string.
Names
Name |
---|
KasperAgent |
Category
Malware
Type
- Backdoor
Information
- https://unit42.paloaltonetworks.com/unit42-targeted-attacks-middle-east-using-kasperagent-micropsia/
- https://www.threatconnect.com/blog/kasperagent-malware-campaign/
Malpedia
Alienvault Otx
Other Information
Uuid
0dd10463-768e-4b4e-b473-845cfe285f13
Last Card Change
2020-05-14