Trojan.Kryptik.GDR
Analysis Report
General information
| Family Name: | Trojan.Kryptik.GDR |
|---|---|
| Signature status: | No Signature |
Known Samples
This section lists other file samples believed to be associated with this family.
| MD5 | SHA1 | SHA256 | File Size |
|---|---|---|---|
| e8483c31078631d5dabedc5059fb79d7 | 525b735b69a6816190cf51afa5e44bbb293f011c | E6C769EE924851AF4BF8CA711D887AD2C53C4C5E8BFAA3FE235DC2203978AE48 | 17.93 KB, 17934 bytes |
| 432737ed907934b45f468d0aa77a10a3 | be50b336b24b7a08fd5374e3d7e4e4dee3a7afca | 855A8E1511DCB4CF1A649F34A3A0EFEB6EEF8A9F80D9F386512666AA30CA625E | 124.48 KB, 124478 bytes |
| cc54c2f2c0b9e8713322137f8223689c | c828ac76afb28605c84eee9f4fc885530bddf92c | B630952D47F477F81775504A2654FCA2851D82A4F4DFEF9F35A5CB092BC86FE4 | 138.58 KB, 138580 bytes |
| 2392330a2948493a0bd0226ec63f06be | 80b0f8012add21eb353b831ef61edca053448f4a | AF9766FACEA6DF73B3B94C1EFB4822BEEF6AA4383F04A55A2353B7D5A74E19C9 | 148.39 KB, 148391 bytes |
| 219b69512b3f411b54b24d0acc9ab416 | d184ca739051a5075a762df15ed5eba493909af4 | 365A925783C86613F7D5D6ED568F28C19F7D02160BA68BC82D21EFCD479EA6D5 | 125.39 KB, 125388 bytes |
| cb577c8b99bd83b88e80a6b652c780ed | 508b2c5f28f70ce80656bf6c9f5c46323f611421 | FED01D276D8B071D480D2BF56AD271FCDDBF593D5BF4B490D3CF18974CD8563B | 148.90 KB, 148903 bytes |
| 1a46b2706eb614ab4268f930b232ee3d | c8b36a5834e6b49b7c588a63135053af4783febf | 49EA0CD36C24600F6455708A13B4B6243FC7BF1CB1338987677156E4403CAAB4 | 137.85 KB, 137847 bytes |
| 282e928c6df6d59cee02ad8d7ef4b0f0 | b12b2ed699461d048c4a94ae28ce3f5d64daeb2d | B431C0A8126F68F2B825E717DC2EDBB50CAA42944BFA33FA18148A6ED023E761 | 129.03 KB, 129034 bytes |
Windows Portable Executable Attributes
- File doesn't have "Rich" header
- File doesn't have debug information
- File doesn't have exports table
- File doesn't have resources
- File doesn't have security information
- File has TLS information
- File is 64-bit executable
- File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
- File is either console or GUI application
- File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
- File is Native application (NOT .NET application)
- File is not packed
- IMAGE_FILE_DLL is not set inside PE header (Executable)
- IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)
File Traits
- No Version Info
- WriteProcessMemory
- x64
Block Information
During analysis, EnigmaSoft breaks file samples into logical blocks for classification and comparison with other samples. Blocks can be used to generate malware detection rules and to group file samples into families based on shared source code, functionality and other distinguishing attributes and characteristics. This section lists a summary of this block data, as well as its classification by EnigmaSoft. A visual representation of the block data is also displayed, where available.

| Total Blocks: | 97 |
|---|---|
| Potentially Malicious Blocks: | 1 |
| Whitelisted Blocks: | 96 |
| Unknown Blocks: | 0 |
Visual Map
(Block map figure: 97 blocks in total, 96 shown as probable safe and 1 shown as potentially malicious; no unknown blocks.)
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block
Similar Families
This section lists other families that share similarities with this family, based on EnigmaSoft's analysis. Many malware families are created from the same malware toolkits and use the same packing and encryption techniques but uniquely extend functionality. Similar families may also share source code, attributes, icons, subcomponents, compromised and/or invalid digital signatures, and network characteristics. Researchers leverage these similarities to rapidly and effectively triage file samples and extend malware detection rules.
- Agent.GOH
- Agent.KORA
- Agent.KPSF
- Agent.LDR
- Agent.OFSN
- Agent.PDFA
- Agent.PDFD
- Agent.PDFE
- Agent.PDFG
- CobaltStrike.GP
- CobaltStrike.SVO
- Downloader.Agent.RCA
- Dropper.FY
- Dropper.JOA
- Injector.SFA
- Kryptik.BTD
- Kryptik.GDR
- Kryptik.LFU
- ReverseShell.FR
- ReverseShell.FRA
- ReverseShell.GDA
- ReverseShell.PBD
- Rozena.DTA
- ShellcodeRunner.MA
- Trojan.Agent.Gen.ALS
- Trojan.Agent.Gen.AOO
- Trojan.Agent.Gen.BIL
- Trojan.Injector.Gen.FHZ
- Trojan.Kryptik.Gen.BGC
- Trojan.Kryptik.Gen.CMI
- Trojan.Kryptik.Gen.CWB
- Trojan.Kryptik.Gen.DAC
- Trojan.Kryptik.Gen.DWA
- Trojan.Kryptik.Gen.ECS
- Trojan.Kryptik.Gen.EKC
- Trojan.ReverseShell.Gen.CE
- Trojan.ReverseShell.Gen.V
- Trojan.ShellcodeRunner.Gen.MF
- Trojan.ShellcodeRunner.Gen.NK
Windows API Usage
This section lists Windows API calls that are used by the samples in this family. Windows API usage analysis is a valuable tool that can help identify malicious activity, such as keylogging, security privilege escalation, data encryption, data exfiltration, interference with antivirus software, and network request manipulation.

| Category | API |
|---|---|
| Syscall Use | |
| Process Shell Execute | |
Shell Command Execution
This section lists Windows shell commands that are run by the samples in this family. Windows Shell commands are often leveraged by malware for nefarious purposes and can be used to elevate security privileges, download and launch other malware, exploit vulnerabilities, collect and exfiltrate data, and hide malicious activity.
c:\users\user\downloads\synthv-studio.exe "c:\users\user\downloads\525b735b69a6816190cf51afa5e44bbb293f011c_0000017934"