I Feel Lucky I Feel Very Lucky

LttLogger 2.0

Released 19 years, 10 months ago. March 2005

Copyright © MegaSecurity

By LttCoder

Informations
Author LttCoder
Family LttLogger
Category Information Stealer
Version LttLogger 2.0
Released Date Mar 2005, 19 years, 10 months ago.
Language Delphi, Server compressed with FSG
Additional Information 
Server:
dropped files:
c:\WINDOWS\4DFlowerBox.scr          size: 17,197 bytes 
c:\WINDOWS\cht.pol                  size: 36 bytes 
c:\WINDOWS\mseiw.exe                size: 17,197 bytes 
c:\WINDOWS\syxsocks.dll             size: 18,944 bytes 
c:\WINDOWS\system32\fontstyles.exe  size: 17,197 bytes 

changes to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: explorer.exe 4DFlowerBox.scr 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"
old data: 
new data: C:\WINDOWS\System32\fontstyles.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data: 
new data: mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders "Common Startup"
old data: %ALLUSERSPROFILE%\Start Menu\Programs\Startup 
new data: C:\WINDOWS\System32\webdav 

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} "StubPath"
data: C:\WINDOWS\mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "msiew"
data: C:\Documents and Settings\Kobayashi\Desktop\LttLogger2.0\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msiew"
data: C:\WINDOWS\mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices "msiew"
data: C:\WINDOWS\mseiw.exe 



tested on Windows XP
March 21, 2005

Author Information / Description 
Description:
-----------
LttLogger is a little keylogger that logs all the keys pressed on your keyboard and saves it to a file inside WINDOWS/ folder. When the file reaches ybytes (which you specify in editserver) it will automatically upload the logfile to a ftp server you specify.

-DLL injection (firwall bypass)
-Server size 16,7 kb fsg packed
-melt function
-J3n7il's editserver encryption


What's new in 2.0?
-check if FTP server is online, and only upload/reset logfile ONLY when it is online.
-Log file is now hidden and cannot be seen by a normal user.
-Finds the default internet browser and injects to it, instead of only injecting into iexplore. 
-keylogger can save the logfiles in different directories on the ftp server. 
-the name of the dll file that keylogger uses can now be changed from editserver.
-Multi-Infect protection.
-Disables system restore.
-more startup methods(Including Activex and the secret methods from SUB7)
-create each directory for every victim in order by computername
-PHP notification added


LttCoder

If you recognize any personal information on this page and wish to have it removed or redacted, please contact us at jplesueur@phrozen.io. We are committed to protecting your privacy in accordance with GDPR regulations.