General
-
Target
LLR Logger.exe
-
Size
78.6MB
-
Sample
231201-2ax5wsge6v
-
MD5
ef2f4f5beae8fa47a116d817ff96e7d1
-
SHA1
963eda8b868061d7f6190d9e172c9485c6ca7748
-
SHA256
5e433b412c346794c83637cb7ff61a660322b0be7bc74c5c06188aa35c0c1e42
-
SHA512
bcfd05b52b7b778fa0c5e09db253b7517639254d33dcf1777d9a426a38cdda39e54af5477decd44a7fb8816736cf19447ecec27d75f1837d12f857da5d836f41
-
SSDEEP
1572864:p2MbiJR5Q3jZDeSk8IpG7V+VPhq+ME73jC/WlsnghowmaOllkWIawZBxWBqX:pZbC+ISkB05aw+tuOsghfxOllkdawZnb
Behavioral task
behavioral1
Sample
LLR Logger.exe
Resource
win7-20231130-en
Behavioral task
behavioral2
Sample
LLR Logger.exe
Resource
win10v2004-20231127-en
Malware Config
Targets
-
Target
LLR Logger.exe
-
Score
9/10
-
Enumerates VirtualBox DLL files
-
Modifies Installed Components in the registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (2)
Registry Run Keys / Startup Folder (2)
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (2)
Modify Registry (3)
Virtualization/Sandbox Evasion (1)