MSIL/Kryptik.MLK!tr

Analysis


MSIL/Kryptik.MLK!tr is a generic detection for a type of trojan. Because this is a generic detection, files detected as MSIL/Kryptik.MLK!tr may exhibit varying behavior.
Below are examples of some of these behaviors:

  • It drops the following files:
    • %startup%\mscdcu.exe : This file is a copy of the original malware itself.

  • The following suspicious registry key(s) have been added to cause the program to be run each time a user logs on:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      • windows defender = %startup%\mscdcu.exe -boot
      This automatically executes the dropped file every time the infected user logs on.

  • This malware was also observed to attempt a network connection to:
    • mlhdns.pandabearsun{removed}.xyz


Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate
    • Extended
  • FortiClient
  • FortiMail
  • FortiSandbox
  • FortiWeb
    • Web Application Firewall
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date        Version   Detail
2021-04-27  85.00761