General
Target: LLR-Logger.exe
Size: 74.7MB
Sample: 231202-v3wn7sec31
MD5: bf50b733566468c33c00a8f5f09a47cc
SHA1: 80f6d645e7e44fe2ea6d2430d6fefd0e7acfae07
SHA256: 74756a73c8e9614d12238e97cbf41c293de2f6514d8a47b78f9cb9271c9034b5
SHA512: 05e51962630048a201fd2841fee810a1ea75d1453c2800c4fa354f9cd5b8d28f0e2f55cc3feed45c61c42d774963e7bc72811478f057fb1133ec25c01f945c32
SSDEEP: 1572864:iz2MueQpjlkSk8IpG7V+VPhqSSE7ARjRHlWWpyppiZzI+hR1XWseZptrU8S:IZueqxkSkB05awS8Rd0eg2zd7XURY8S
Behavioral task: behavioral1
Sample: LLR-Logger.exe
Resource: win7-20231130-en
Behavioral task: behavioral2
Sample: LLR-Logger.exe
Resource: win10v2004-20231127-en
Malware Config
Targets
Target: LLR-Logger.exe
Score: 9/10

Enumerates VirtualBox DLL files

Checks computer location settings
Looks up country code configured in the registry, likely geofence.

Executes dropped EXE

Loads dropped DLL

Adds Run key to start application

Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Defense Evasion
Hide Artifacts (2)
Hidden Files and Directories (2)
Modify Registry (1)
Virtualization/Sandbox Evasion (1)