What is LO$R Logger v2?

LO$R Logger (short for Loki Password Stealer & Recorder) is a banking trojan and keylogger that first emerged in underground cybercrime forums. The v2 version represents a major upgrade, featuring:
- Enhanced credential theft (banking logins, credit cards, crypto wallets)
- Advanced evasion techniques (anti-VM, anti-sandbox, code obfuscation)
- Modular plugin system (allowing attackers to add new features)

Key Features of LO$R Logger v2

1. Banking & Financial Data Theft
- Web injects
- Form grabbing
- Credit card harvesting
- Cryptocurrency theft

2. Keylogging & Screen Capture
- Records keystrokes
- Takes screenshots
- Webcam hijacking

3. Anti-Detection & Evasion Techniques
- Polymorphic code – Changes its signature to avoid AV detection.
- Process injection – Runs inside legitimate processes (e.g., explorer.exe).
- Virtual Machine (VM) evasion – Detects sandbox environments and shuts down.
- Rootkit functionality – Hides files, registry keys, and network activity.

4. C2 (Command & Control) Communication
- Tor-based C2 servers
- Encrypted exfiltration
- Telegram bot integration

5. Persistence Mechanisms
- Registry autorun keys
- DLL sideloading
- Task scheduler abuse