Threat Database Trojans Trojan.Kryptik.GDR

Trojan.Kryptik.GDR

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Kryptik.GDR
Signature status: No Signature

Known Samples

MD5: e8483c31078631d5dabedc5059fb79d7
SHA1: 525b735b69a6816190cf51afa5e44bbb293f011c
SHA256: E6C769EE924851AF4BF8CA711D887AD2C53C4C5E8BFAA3FE235DC2203978AE48
File Size: 17.93 KB, 17934 bytes
MD5: 432737ed907934b45f468d0aa77a10a3
SHA1: be50b336b24b7a08fd5374e3d7e4e4dee3a7afca
SHA256: 855A8E1511DCB4CF1A649F34A3A0EFEB6EEF8A9F80D9F386512666AA30CA625E
File Size: 124.48 KB, 124478 bytes
MD5: cc54c2f2c0b9e8713322137f8223689c
SHA1: c828ac76afb28605c84eee9f4fc885530bddf92c
SHA256: B630952D47F477F81775504A2654FCA2851D82A4F4DFEF9F35A5CB092BC86FE4
File Size: 138.58 KB, 138580 bytes
MD5: 2392330a2948493a0bd0226ec63f06be
SHA1: 80b0f8012add21eb353b831ef61edca053448f4a
SHA256: AF9766FACEA6DF73B3B94C1EFB4822BEEF6AA4383F04A55A2353B7D5A74E19C9
File Size: 148.39 KB, 148391 bytes
MD5: 219b69512b3f411b54b24d0acc9ab416
SHA1: d184ca739051a5075a762df15ed5eba493909af4
SHA256: 365A925783C86613F7D5D6ED568F28C19F7D02160BA68BC82D21EFCD479EA6D5
File Size: 125.39 KB, 125388 bytes
Show More
MD5: cb577c8b99bd83b88e80a6b652c780ed
SHA1: 508b2c5f28f70ce80656bf6c9f5c46323f611421
SHA256: FED01D276D8B071D480D2BF56AD271FCDDBF593D5BF4B490D3CF18974CD8563B
File Size: 148.90 KB, 148903 bytes
MD5: 1a46b2706eb614ab4268f930b232ee3d
SHA1: c8b36a5834e6b49b7c588a63135053af4783febf
SHA256: 49EA0CD36C24600F6455708A13B4B6243FC7BF1CB1338987677156E4403CAAB4
File Size: 137.85 KB, 137847 bytes
MD5: 282e928c6df6d59cee02ad8d7ef4b0f0
SHA1: b12b2ed699461d048c4a94ae28ce3f5d64daeb2d
SHA256: B431C0A8126F68F2B825E717DC2EDBB50CAA42944BFA33FA18148A6ED023E761
File Size: 129.03 KB, 129034 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 64-bit executable
  • File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
Show More
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Traits

  • No Version Info
  • WriteProcessMemory
  • x64

Block Information

Total Blocks: 97
Potentially Malicious Blocks: 1
Whitelisted Blocks: 96
Unknown Blocks: 0

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Agent.GOH
  • Agent.KORA
  • Agent.KPSF
  • Agent.LDR
  • Agent.OFSN
Show More
  • Agent.PDFA
  • Agent.PDFD
  • Agent.PDFE
  • Agent.PDFG
  • CobaltStrike.GP
  • CobaltStrike.SVO
  • Downloader.Agent.RCA
  • Dropper.FY
  • Dropper.JOA
  • Injector.SFA
  • Kryptik.BTD
  • Kryptik.GDR
  • Kryptik.LFU
  • ReverseShell.FR
  • ReverseShell.FRA
  • ReverseShell.GDA
  • ReverseShell.PBD
  • Rozena.DTA
  • ShellcodeRunner.MA
  • Trojan.Agent.Gen.ALS
  • Trojan.Agent.Gen.AOO
  • Trojan.Agent.Gen.BIL
  • Trojan.Injector.Gen.FHZ
  • Trojan.Kryptik.Gen.BGC
  • Trojan.Kryptik.Gen.CMI
  • Trojan.Kryptik.Gen.CWB
  • Trojan.Kryptik.Gen.DAC
  • Trojan.Kryptik.Gen.DWA
  • Trojan.Kryptik.Gen.ECS
  • Trojan.Kryptik.Gen.EKC
  • Trojan.ReverseShell.Gen.CE
  • Trojan.ReverseShell.Gen.V
  • Trojan.ShellcodeRunner.Gen.MF
  • Trojan.ShellcodeRunner.Gen.NK

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtUserGetKeyboardLayout
  • win32u.dll!NtUserGetThreadState
Process Shell Execute
  • CreateProcess

Shell Command Execution

c:\users\user\downloads\synthv-studio.exe "c:\users\user\downloads\525b735b69a6816190cf51afa5e44bbb293f011c_0000017934"

Trending

Most Viewed

Loading...