W32/Kryptik.4BCD!tr

Analysis

W32/Kryptik.4BCD!tr is a generic detection for a trojan. Since this is a generic detection, malware that is detected as W32/Kryptik.4BCD!tr may have varying behaviour.
Below is a summary of its behaviours:

  • It steals system information and attempts to steal banking and online account credentials.

  • The stolen information may include:
    • System information
    • List of installed applications
    • List of installed drivers
    • List of running processes
    • List of network devices
    • External IP address
    • Email credentials (IMAP, POP3, SMTP)
    • Cookies
    • Certificates
    • Screen video captures (.AVI)
    • Financial information via web injects

  • Once an account is compromised, the malware can also collect information about the host machine and perform lateral movement.

  • This malware may connect to any of the following remote Command and Control Server(s):
    • doc[.]avitoon[.]at
    • app[.]kartop[.]at
    • doc[.]dicin[.]at
    • tri[.]umpalok[.]at
    • tt[.]zicino[.]at
    • doom[.]matr[.]at
    • ut[.]nonpur[.]at
    • app[.]avitoon[.]at
    • ops[.]twidix[.]at
    • xx[.]go10og[.]at
    • api[.]kartop[.]at
    • m1[.]fofon[.]at
    • cdn[.]kartop[.]at
    • api[.]tylron[.]at
    • chat[.]twidix[.]at
    • api[.]kaonok[.]at
    • chat[.]jimden[.]at
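As an added example (not code from Fortinet's page or products), the following Python turns the defanged hostnames listed above into a lookup set and checks DNS query logs for queries to those hosts or their subdomains. The log format and the sample log lines are constructed for this example; the `refang` helper also handles the `hxxp://` convention, which goes slightly beyond the `[.]` form used on this page.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Command and Control hostnames exactly as listed on the page, defanged with "[.]".
C2_DEFANGED = [
    "doc[.]avitoon[.]at", "app[.]kartop[.]at", "doc[.]dicin[.]at",
    "tri[.]umpalok[.]at", "tt[.]zicino[.]at", "doom[.]matr[.]at",
    "ut[.]nonpur[.]at", "app[.]avitoon[.]at", "ops[.]twidix[.]at",
    "xx[.]go10og[.]at", "api[.]kartop[.]at", "m1[.]fofon[.]at",
    "cdn[.]kartop[.]at", "api[.]tylron[.]at", "chat[.]twidix[.]at",
    "api[.]kaonok[.]at", "chat[.]jimden[.]at",
]


def refang(indicator: str) -> str:
    """Convert a defanged indicator back to its real form.

    Handles the "[.]" and "(.)" dot conventions and the "hxxp://" scheme
    convention; output is lower-cased so it can be compared directly.
    """
    s = indicator.strip().lower()
    s = s.replace("[.]", ".").replace("(.)", ".")
    s = re.sub(r"^hxxp(s?)://", r"http\1://", s)
    return s


# Refanged lookup set built once at import time.
C2_HOSTS = frozenset(refang(d) for d in C2_DEFANGED)


def _normalize(qname: str) -> str:
    """Lower-case a query name and drop the trailing root dot."""
    return qname.strip().lower().rstrip(".")


def match_c2(qname: str) -> Optional[str]:
    """Return the listed C2 host that qname equals or is a subdomain of, else None.

    Only hosts on the page are matched: a sibling host under the same
    registered domain (e.g. a constructed mail.kartop.at) is not flagged.
    """
    labels = _normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in C2_HOSTS:
            return candidate
    return None


# Constructed log format (hypothetical): "<timestamp> <client_ip> <qtype> <qname>".
LOG_LINE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<qtype>[A-Z]+)\s+(?P<qname>\S+)$")


@dataclass(frozen=True)
class Hit:
    ts: str
    client: str
    qname: str    # normalized query name
    matched: str  # the listed C2 host it matched


def scan_dns_log(lines: Iterable[str]) -> List[Hit]:
    """Scan DNS query log lines and return one Hit per query to a listed C2 host.

    Lines that do not fit the constructed format are skipped rather than
    raising, so one malformed line does not stop the scan.
    """
    hits: List[Hit] = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        matched = match_c2(m.group("qname"))
        if matched:
            hits.append(Hit(m.group("ts"), m.group("client"),
                            _normalize(m.group("qname")), matched))
    return hits


# Constructed sample log lines for demonstration; not real telemetry.
SAMPLE_LOG = [
    "2024-03-04T09:12:01Z 10.0.0.23 A www.example.com",
    "2024-03-04T09:12:07Z 10.0.0.23 A doc.avitoon.at",
    "2024-03-04T09:13:44Z 10.0.0.41 AAAA api.kartop.at.",   # trailing root dot
    "2024-03-04T09:14:02Z 10.0.0.41 A mail.kartop.at",       # sibling host, not listed
    "this line is malformed and is skipped",
    "2024-03-04T09:15:10Z 10.0.0.7 A CDN.KARTOP.AT",          # case differs
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_LOG):
        print(f"{hit.ts} {hit.client} queried {hit.qname} (matches {hit.matched})")
```

Matching by label suffix means a query such as `beacon.tt.zicino.at` is attributed to the listed host `tt.zicino.at`, while hosts that merely share a registered domain are left alone; an analyst who wants to widen coverage to the whole `.at` domains can add those to the set, but that is a judgement call not supported by the page's list.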

Recommended Action

  • Make sure that your FortiGate/FortiClient system is using the latest AV database.
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.

Telemetry

Detection Availability

  • FortiGate
  • FortiClient
  • FortiAPS
  • FortiAPU
  • FortiMail
  • FortiSandbox
  • FortiWeb
  • Web Application Firewall
  • FortiIsolator
  • FortiDeceptor
  • FortiEDR

Version Updates

Date        Version    Detail
2024-03-04  92.02137
2021-11-15  89.06904
2021-10-29  89.06392
2021-07-27  87.00933
2020-12-18  82.64500   Sig Updated
2019-10-18  72.42600   Sig Updated
2018-10-24  63.16800   Sig Updated
2018-10-18  63.02900   Sig Updated