DDKONG is a malware sample that was part of a campaign by Rancor. DDKONG was first seen in use in February 2017.
DDKONG decodes an embedded configuration using XOR.
DDKONG lists files on the victim’s machine.
DDKONG downloads and uploads files on the victim’s machine.
DDKONG uses Rundll32 to ensure only a single instance of itself is running at once.