Kexqoud

By Domesticus in Trojans

Threat Scorecard

Ranking: 16,579
Threat Level: 90 % (High)
Infected Computers: 156
First Seen: May 15, 2013
Last Seen: July 14, 2023
OS(es) Affected: Windows

Kexqoud is a Trojan that uses a compromised PC, without the victim's permission, to mine Bitcoins, a digital currency. To create this currency, Kexqoud runs a genuine Bitcoin-mining application with multiple accounts. Kexqoud is often packaged with genuine programs such as games and productivity applications. Kexqoud downloads a copy of itself to the %APPDATA% directory with a random file name. It also downloads an authentic Bitcoin-mining application to the %TEMP% directory, also with a random file name. Kexqoud may also modify the Windows Registry to make sure that it loads automatically whenever the PC is started. To do this, Kexqoud adds an entry under the Run registry key, listed under Registry Details.

Win32/Kexqoud activates the Bitcoin-mining client in a manner that attributes newly created Bitcoins to an account indicated by a cybercriminal. This means that any Bitcoins the PC user creates, accidentally or purposefully, will be credited to the cybercriminal. The mining client is configured to run with high CPU utilization, which may noticeably slow the performance of the infected PC.

File System Details

Kexqoud may create the following file(s):
# File Name Detections
1. %TEMP%\riblekbyc.exe
2. %APPDATA%\vxtwtuowmvekobpxnsq.exe

Registry Details

Kexqoud may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[malware file name]" = "%AppData%\[malware filename].exe"
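
The following check is an added example, not part of the original entry: it parses the text output of `reg query HKCU\Software\Microsoft\Windows\CurrentVersion\Run` and flags Run values that start an executable sitting directly in the %AppData% root, noting whether the value name equals the file name as in the entry above. The sample output, user name, value names and the four-space column layout are assumptions made for the example.

```python
import ntpath
import re

# Constructed sample of `reg query` output for the HKCU Run key (names and paths are made up).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    Notes App    REG_SZ    C:\Users\alice\AppData\Roaming\NotesApp\notes.exe
    qzkvhtrwpl    REG_EXPAND_SZ    %AppData%\qzkvhtrwpl.exe
    updater    REG_SZ    "C:\Users\alice\AppData\Roaming\helper.exe"
"""

# Assumed layout: four spaces, value name, four spaces, type, four spaces, data.
VALUE_LINE = re.compile(r"^ {4}(?P<name>.+?) {4}(?P<type>REG_\w+) {4}(?P<data>.*)$")


def parse_run_values(text):
    """Yield (value name, data) for each value line in the query output."""
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            yield match.group("name"), match.group("data")


def command_path(data, appdata):
    """Return the executable path of a Run command line with %AppData% expanded."""
    data = data.strip()
    if data.startswith('"'):
        path = data[1:].split('"', 1)[0]
    else:
        match = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
        path = match.group(1) if match else data
    # A function replacement keeps backslashes in appdata from being read as escapes.
    return re.sub(r"%appdata%", lambda _: appdata, path, flags=re.IGNORECASE)


def suspicious_run_values(text, appdata):
    """Return (name, path, name_matches_file) for executables directly in the AppData root."""
    root = ntpath.normcase(ntpath.normpath(appdata))
    hits = []
    for name, data in parse_run_values(text):
        path = ntpath.normcase(ntpath.normpath(command_path(data, appdata)))
        folder, filename = ntpath.split(path)
        stem, ext = ntpath.splitext(filename)
        if folder == root and ext == ".exe":
            # Pattern from the entry: the value name equals the executable's file name.
            hits.append((name, path, name.lower() in (stem, filename)))
    return hits


if __name__ == "__main__":
    for hit in suspicious_run_values(SAMPLE, r"C:\Users\alice\AppData\Roaming"):
        print(hit)
```

A hit whose third field is False only shares the location, not the naming pattern, and legitimate software can also start from %AppData%, so each hit needs review rather than automatic removal.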
