216.73.217.64

New Yokai Side-loaded Backdoor Targets Thai Officials

· Published 16/12/2024 14:21 · Modified 16/12/2024 14:33

Export JSON

Essential information

Published
16/12/2024 14:21
Modified
16/12/2024 14:33
Tags
2024-12-16 backdoor dropper thailand yokai
Related entities
20 observables, 8 techniques (mitre), 1 malware, 2 others

Description

A new named has been discovered targeting Thai officials. The malware is distributed via RAR files containing shortcut files that create decoy documents and execute a . The deploys a legitimate iTop Data Recovery application used to side-load the DLL. creates scheduled tasks, collects system information, and communicates with command and control servers to receive commands and exfiltrate data. It uses encryption and checksum validation for C2 communication. The provides remote shell access and can execute arbitrary commands. This attack demonstrates the continued use of DLL side-loading techniques by threat actors to evade detection.

External references