Backdoor.Kikothac
First posted on 05 November 2015.
Source: Symantec
Aliases:
There are no other names known for Backdoor.Kikothac.
Explanation:
When the Trojan is executed, it may create the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\KingKongThai\cc
The Trojan may open a back door on the compromised computer, and connect to the following location:
red-hat.biz
The Trojan may perform the following actions:
Upload files
Download files
Obtain process lists
Terminate itself
Obtain a path from where it is running
Create a service named "Microsoft Windows Firewall"
Act as an HTTP proxy using the CONNECT verb of the HTTP protocol
Execute commands sent from the remote location
Create a mutex named "ServiceHelper#[RANDOM NUMBER]"
Last update 05 November 2015
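The indicators listed above (registry key, remote location, service name, mutex name) can be matched against collected host telemetry. The following Python code is an added example, not part of the original write-up: the event schema (`host`, `kind`, `value`) and the sample events are constructed for illustration, and it assumes [RANDOM NUMBER] is a run of decimal digits.

```python
import re

# Indicators taken from the write-up above.
REG_KEY = r"hkey_local_machine\software\kingkongthai\cc"
C2_DOMAIN = "red-hat.biz"
SERVICE_NAME = "microsoft windows firewall"
# Assumption: [RANDOM NUMBER] is one or more decimal digits.
MUTEX_RE = re.compile(r"^ServiceHelper#\d+$")

def norm_reg(path):
    # Lower-case the path and expand the HKLM abbreviation so both spellings compare equal.
    p = path.strip().rstrip("\\").lower()
    return "hkey_local_machine\\" + p[5:] if p.startswith("hklm\\") else p

def match_event(ev):
    # Return the event kind if its value matches the indicator for that kind, else None.
    kind, value = ev["kind"], ev["value"].strip()
    hit = False
    if kind == "registry":
        p = norm_reg(value)
        hit = p == REG_KEY or p.startswith(REG_KEY + "\\")
    elif kind == "dns":
        # Exact domain or a subdomain only; "notred-hat.biz" must not match.
        host = value.rstrip(".").lower()
        hit = host == C2_DOMAIN or host.endswith("." + C2_DOMAIN)
    elif kind == "service":
        hit = value.lower() == SERVICE_NAME
    elif kind == "mutex":
        # Drop an object-namespace prefix such as "Global\" before matching.
        hit = bool(MUTEX_RE.match(value.rsplit("\\", 1)[-1]))
    return kind if hit else None

def triage(events):
    # Group matched indicator kinds per host so multi-indicator hosts stand out.
    hits = {}
    for ev in events:
        kind = match_event(ev)
        if kind:
            hits.setdefault(ev["host"], set()).add(kind)
    return hits

# Constructed sample events (hypothetical schema, not a real log format).
SAMPLE = [
    {"host": "ws01", "kind": "registry", "value": r"HKLM\SOFTWARE\KingKongThai\cc"},
    {"host": "ws01", "kind": "dns", "value": "red-hat.biz."},
    {"host": "ws01", "kind": "mutex", "value": r"Global\ServiceHelper#48213"},
    {"host": "ws02", "kind": "dns", "value": "notred-hat.biz"},
    {"host": "ws03", "kind": "service", "value": "Microsoft Windows Firewall"},
]
```

Calling `triage(SAMPLE)` returns a mapping from host to the set of indicator kinds seen on it; a host that matches several kinds is a stronger lead than one matching only the service name.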