Kimsuky Group’s New Backdoor (HappyDoor)

July 8, 2024, 7:26 p.m.

Description

This report provides a detailed analysis of HappyDoor, a new backdoor used by the Kimsuky threat group, which is known for targeting organizations through spear-phishing. The malware uses techniques such as self-duplication, hidden execution paths, and encrypted communication to maintain persistence and evade detection. HappyDoor combines information-theft capabilities (keylogging, file exfiltration, and voice recording) with backdoor functionality that gives the operator remote control and code execution on the infected host. The analysis covers the malware's distribution methods, execution flow, communication protocols, registry configuration, and a comprehensive list of its features.

Date

  • Created: July 8, 2024, 6:34 p.m.
  • Published: July 8, 2024, 6:34 p.m.
  • Modified: July 8, 2024, 7:26 p.m.

Indicators

  • uo.zosua.o-r.kr
  • syrsd.p-e.kr
  • on.ktspace.p-e.kr
  • jp.hyyeo.p-e.kr
  • go.ktspace.p-e.kr
  • aa.olixa.p-e.kr
  • ai.hyyeo.p-e.kr
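The domains above are most useful when matched against DNS or proxy logs. The following Python script is an added example, not code from the report or from any vendor tooling: it embeds the seven indicator domains listed on this page and scans a constructed DNS query log for hosts that resolved them. The log line format (`client=... query=...`) is an assumption chosen for the example; adapt the regular expression to your resolver's format. The matcher normalizes case and trailing dots and treats subdomains of an indicator as hits, but only on a label boundary, so that a lookalike such as `notsyrsd.p-e.kr` is not reported as `syrsd.p-e.kr`.

```python
import re
from typing import Iterable, List, Optional, Tuple

# Indicator domains taken from the report's indicator list above.
HAPPYDOOR_DOMAINS = {
    "uo.zosua.o-r.kr",
    "syrsd.p-e.kr",
    "on.ktspace.p-e.kr",
    "jp.hyyeo.p-e.kr",
    "go.ktspace.p-e.kr",
    "aa.olixa.p-e.kr",
    "ai.hyyeo.p-e.kr",
}

# Assumed log format for this example (constructed, not a real resolver format):
#   <timestamp> client=<ip> query=<name> type=<rrtype>
DNS_LOG_RE = re.compile(r"client=(?P<client>\S+)\s+query=(?P<query>\S+)")


def normalize_domain(name: str) -> str:
    """Lowercase a DNS name and strip the trailing root dot, if any."""
    return name.strip().rstrip(".").lower()


def matches_indicator(name: str, indicators: Iterable[str]) -> Optional[str]:
    """Return the indicator that `name` equals or is a subdomain of, else None.

    The subdomain check requires a '.' boundary, so 'notsyrsd.p-e.kr' does not
    match 'syrsd.p-e.kr'. Longer indicators are tried first so the most
    specific one wins if indicators are nested.
    """
    name = normalize_domain(name)
    for ioc in sorted((normalize_domain(i) for i in indicators), key=len, reverse=True):
        if name == ioc or name.endswith("." + ioc):
            return ioc
    return None


def scan_dns_log(lines: Iterable[str]) -> List[Tuple[str, str, str]]:
    """Scan log lines and return (client, queried_name, matched_indicator) per hit."""
    hits = []
    for line in lines:
        m = DNS_LOG_RE.search(line)
        if not m:
            continue  # skip lines that do not fit the assumed format
        ioc = matches_indicator(m.group("query"), HAPPYDOOR_DOMAINS)
        if ioc is not None:
            hits.append((m.group("client"), m.group("query"), ioc))
    return hits


# Constructed sample log for the example; the clients and timestamps are made up.
SAMPLE_DNS_LOG = """\
2024-07-08T18:34:00Z client=10.0.0.5 query=www.example.com type=A
2024-07-08T18:34:05Z client=10.0.0.5 query=JP.HYYEO.P-E.KR. type=A
2024-07-08T18:35:10Z client=10.0.0.9 query=cdn.go.ktspace.p-e.kr type=A
2024-07-08T18:36:00Z client=10.0.0.9 query=notsyrsd.p-e.kr type=A
2024-07-08T18:37:00Z client=10.0.0.12 query=aa.olixa.p-e.kr type=TXT
"""

if __name__ == "__main__":
    for client, query, ioc in scan_dns_log(SAMPLE_DNS_LOG.splitlines()):
        print(f"HIT client={client} query={query} indicator={ioc}")
```

Feed the script your own resolver or proxy export (one query per line) and review each hit: a resolution of one of these domains from an internal host is a strong signal that should trigger host triage for the HappyDoor artifacts described in the report.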

Attack Patterns