Khepri

Summary
An open-source cross-platform C2 agent
Class
Trojan
Class Summary
A Trojan is malware that masquerades as a legitimate program. Once executed, it can perform harmful activities such as creating backdoors for unauthorized access, modifying or deleting files, or downloading additional malware. Trojans commonly spread through software downloads or through social engineering via malicious email attachments. Trojans are often focused on espionage rather than monetary gain, but some overlap may occur depending on attacker objectives. They generally combine several capabilities, such as remote shells, keyloggers, infostealers and more.
Description

Khepri is a cross-platform, open-source agent that can be used to infect macOS systems. It contains built-in features for reconnaissance, process and file management, and remote shell access, and it can operate over both TCP and UDP. Although Khepri is open-source and could be used in red team engagements, it has been observed in the wild stealthily embedded within pirated applications and delivered as a final payload to control victim systems.

Example Hashes
  • 54becb469a94fb2b9cea92ae5e0adeed2dcdf796
  • 1bfa8ce2a7c6dda4239f3c89803a0995b22427de