Multi-License Discount Quote

Change Region

English
Threat Database Trojans Trojan.Kryptik.LSB

Trojan.Kryptik.LSB

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Kryptik.LSB
Signature status: No Signature

Known Samples

MD5: e91ebe4fbbc0529c3b2498b37fbfda9f
SHA1: 8cb3c2c858b196d5169f4f04ebd231b598b4a1be
SHA256: 79D001D64E79E5DEB4116A5DBAD7D2B1263E6851826E5B5344FAE74D3C372D3B
File Size: 1.06 MB, 1058816 bytes
MD5: 41ed4f3fa80baa8e7d9a25ca1b12c991
SHA1: c82a3c80956adf63ed3babb9db1de25c898febbf
SHA256: 65B9B1043CCA9DEDCEBE6FA29FD36A15B0942F786B1B3B5F233D8B7F97FA42E9
File Size: 355.33 KB, 355328 bytes
MD5: 573a13444aa442a6e993162f77d49e4c
SHA1: 591d2da653a13182e00f13282c30d2994d4de377
SHA256: 75857081A93BA31FDFDB292E7886E397F37ED59272FF9E0AF381EBFE5B83A90D
File Size: 3.46 MB, 3457024 bytes
MD5: 41d5627a365fffee058a2f2373ff2133
SHA1: ab17ccae05b67d389a11c754f8fcbc730c7cc30c
SHA256: EADB1885E3EBA87848D9FDF1888753DD2E2B16D160805E5D31CCE3C94C335890
File Size: 3.84 MB, 3837440 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have exports table
  • File doesn't have resources
  • File doesn't have security information
  • File has TLS information
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
Show More
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

Windows PE Version Information

Name Value
Comments Automatic hardware driver update tool
Company Name Mythic Mounts
File Description
  • Advanced mobility script for enhanced movement techniques.
  • ugo-cheaves
File Version
  • 1.1.0
  • 0.1.0
Internal Name GriffinMount
Legal Copyright Copyright © 2024-2025 Mythic Mounts
Legal Trademark Mythic Mounts™
Original Filename GriffinMount.exe
Product Name
  • Griffin Mount
  • ugo-cheaves
Product Version
  • 1.1.0
  • 0.1.0

File Traits

  • fptable
  • HighEntropy
  • No Version Info
  • ntdll
  • x86

Block Information

Total Blocks: 1,055
Potentially Malicious Blocks: 58
Whitelisted Blocks: 973
Unknown Blocks: 24

Visual Map

? x x 0 x ? ? 0 0 ? ? 0 0 ? 0 ? 0 0 ? ? ? ? ? x x 0 x 0 ? ? 0 x 0 0 x ? 0 ? ? x x 0 ? x x x x x x 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x ? 0 ? 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x x 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 ? 0 0 0 0 0 0 x 0 0 0 0 0 x 0 x 0 0 0 x 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 x 0 0 0 0 x x 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 x 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 1 1 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 2 2 2 0 0 0 0 0 2 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 3 1 1 1 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 ?
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Fsysna.M
  • Gamehack.GJE
  • Krypt.KBAJ
  • Kryptik.LSB
  • Kryptik.OSBE
Show More
  • Trojan.Kryptik.Gen.BFT

Files Modified

File Attributes
c:\users\user\appdata\local\temp\payload_debug.log Read Attributes,Synchronize,Read Control,Write Attributes,Write extended,Append data

Registry Modifications

Key::Value Data API Name
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe ﹠끇ǜ RegNtPreCreateKey

Windows API Usage

Category API
Network Winhttp
  • WinHttpConnect
  • WinHttpOpen
  • WinHttpOpenRequest
  • WinHttpSendRequest
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • NtWriteVirtualMemory
  • VirtualAllocEx
Process Shell Execute
  • CreateProcess
Syscall Use
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtClose
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
Show More
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Shell Command Execution

C:\Windows\System32\dism.exe (NULL)

Trending

Most Viewed

Loading...