LttLogger 2.0

Released 19 years, 8 months ago. March 2005

Copyright © MegaSecurity

By LttCoder


Information
Author: LttCoder
Family: LttLogger
Category: Information Stealer
Version: LttLogger 2.0
Release date: Mar 2005 (19 years, 8 months ago)
Language: Delphi; server compressed with FSG
Additional Information
Server:
dropped files:
c:\WINDOWS\4DFlowerBox.scr          size: 17,197 bytes 
c:\WINDOWS\cht.pol                  size: 36 bytes 
c:\WINDOWS\mseiw.exe                size: 17,197 bytes 
c:\WINDOWS\syxsocks.dll             size: 18,944 bytes 
c:\WINDOWS\system32\fontstyles.exe  size: 17,197 bytes 

changes to registry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell"
old data: Explorer.exe 
new data: explorer.exe 4DFlowerBox.scr 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "System"
old data: 
new data: C:\WINDOWS\System32\fontstyles.exe 

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "load"
old data: 
new data: mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders "Common Startup"
old data: %ALLUSERSPROFILE%\Start Menu\Programs\Startup 
new data: C:\WINDOWS\System32\webdav 

HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows "run"
data: mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2bf41072-b2b1-21c1-b5c1-0305f4155515} "StubPath"
data: C:\WINDOWS\mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings "msiew"
data: C:\Documents and Settings\Kobayashi\Desktop\LttLogger2.0\server.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "msiew"
data: C:\WINDOWS\mseiw.exe 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runservices "msiew"
data: C:\WINDOWS\mseiw.exe 



tested on Windows XP
March 21, 2005

Author Information / Description
Description:
-----------
LttLogger is a little keylogger that logs all the keys pressed on your keyboard and saves them to a file inside the WINDOWS/ folder. When the file reaches y bytes (which you specify in editserver) it will automatically upload the logfile to an FTP server you specify.

-DLL injection (firewall bypass)
-Server size 16,7 kb fsg packed
-melt function
-J3n7il's editserver encryption


What's new in 2.0?
-check if FTP server is online, and upload/reset logfile ONLY when it is online.
-Log file is now hidden and cannot be seen by a normal user.
-Finds the default internet browser and injects to it, instead of only injecting into iexplore. 
-keylogger can save the logfiles in different directories on the ftp server. 
-the name of the dll file that keylogger uses can now be changed from editserver.
-Multi-Infect protection.
-Disables system restore.
-more startup methods (including ActiveX and the secret methods from SUB7)
-create each directory for every victim in order by computername
-PHP notification added


LttCoder
