General

  • Target

    LLR Logger.exe

  • Size

    78.6MB

  • Sample

    231201-2ax5wsge6v

  • MD5

    ef2f4f5beae8fa47a116d817ff96e7d1

  • SHA1

    963eda8b868061d7f6190d9e172c9485c6ca7748

  • SHA256

    5e433b412c346794c83637cb7ff61a660322b0be7bc74c5c06188aa35c0c1e42

  • SHA512

    bcfd05b52b7b778fa0c5e09db253b7517639254d33dcf1777d9a426a38cdda39e54af5477decd44a7fb8816736cf19447ecec27d75f1837d12f857da5d836f41

  • SSDEEP

    1572864:p2MbiJR5Q3jZDeSk8IpG7V+VPhq+ME73jC/WlsnghowmaOllkWIawZBxWBqX:pZbC+ISkB05aw+tuOsghfxOllkdawZnb

Malware Config

Targets


    • Enumerates VirtualBox DLL files

    • Modifies Installed Components in the registry

    • Sets file to hidden

      Modifies file attributes so the file is not shown in Explorer and similar file listings.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX or a modified build of the UPX open-source packer.

    • Adds Run key to start application

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks