New Yokai Sideloaded Backdoor Targets Thai Officials

A new backdoor named Yokai has been discovered targeting Thai officials. The malware is distributed via RAR files containing shortcut files that create decoy documents and execute a dropper. The dropper deploys a legitimate iTop Data Recovery application, which is used to side-load the Yokai backdoor DLL. Yokai creates scheduled tasks, collects system information, and communicates with command and control servers to receive commands and exfiltrate data. It uses encryption and checksum validation for C2 communication. The backdoor provides remote shell access and can execute arbitrary commands. This attack demonstrates the continued use of DLL side-loading techniques by threat actors to evade detection.

Author: AlienVault

Related Tags: T1564.004, T1573.001, Thailand, T1559, T1574.002, T1071.001, dropper, T1480, backdoor

Associated Indicators: