General

  • Target

    LLR-Logger.exe

  • Size

    74.7MB

  • Sample

    231202-v3wn7sec31

  • MD5

    bf50b733566468c33c00a8f5f09a47cc

  • SHA1

    80f6d645e7e44fe2ea6d2430d6fefd0e7acfae07

  • SHA256

    74756a73c8e9614d12238e97cbf41c293de2f6514d8a47b78f9cb9271c9034b5

  • SHA512

    05e51962630048a201fd2841fee810a1ea75d1453c2800c4fa354f9cd5b8d28f0e2f55cc3feed45c61c42d774963e7bc72811478f057fb1133ec25c01f945c32

  • SSDEEP

    1572864:iz2MueQpjlkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XWseZptrU8S:IZueqxkSkB05awS8Rd0eg2zd7XURY8S

Targets

    • Enumerates VirtualBox DLL files

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Adds Run key to start application

    • Legitimate hosting services abused for malware hosting/C2
