Kasidet is a backdoor that allows for remote access and control of a system. It can be dropped by using malicious VBA macros and affects the Windows operating system. Kasidet has the ability to search for files on a system, take screenshots, download and execute additional files, change firewall settings, and identify any installed anti-virus software. It also has the ability to initiate keylogging to record victim input.
Kasidet Malware Capabilities
Kasidet may attempt various actions in order to gain information or access on a system, including enumerating files and directories, searching for specific information, taking screenshots, and disabling or modifying system firewalls. Kasidet may also transfer tools or other files from an external system, and may abuse the Windows command shell for execution. Finally, Kasidet may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system, and may log user keystrokes to intercept credentials.
- Kasidet is a malware that can be used to enumerate files and directories, search for specific information, and take screen captures. It may also add itself to the startup folder or Registry to achieve persistence.
- Kasidet may transfer tools or other files from an external system into a compromised environment in order to bypass controls and gain an understanding of common software/applications running on systems within the network.
- Kasidet may use the Windows command shell to execute commands and attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. Kasidet may also log user keystrokes to intercept credentials as the user types them.
Ways to Mitigate Kasidet Malware Attacks
- Kasidet malware can be spotted by checking suspicious program execution as startup programs and comparing them against historical data.
- The Kasidet malware can disable or modify firewalls, and uses system and network discovery techniques to learn about the environment. To mitigate this, monitor for file creation and files transferred into the network, unusual processes with external network connections, and use of utilities that does not normally occur.
- The Kasidet malware uses various techniques to discover and capture information about the systems it is installed on. These include system and network discovery, keylogging, and script execution. This information can then be used to lateral movement and other malicious activities. To mitigate the risk of infection, system administrators should restrict scripting and monitor for keylogging and other suspicious activity.