Overview

overview

10

Static

static

29eeba2cbe...0a.vbs

windows7_x64

10

29eeba2cbe...0a.vbs

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    29eeba2cbe0f3f6b119ebcc33f23d13964af26ee744419711aa24c6110c1510a

  • Size

    16KB

  • Sample

    220128-1qllcsedgl

  • MD5

    8796bfe9c4735fe01a04125c25e67ed8

  • SHA1

    3c3b3f0ae2617ce7e240e9ae35c023d91addbd0c

  • SHA256

    29eeba2cbe0f3f6b119ebcc33f23d13964af26ee744419711aa24c6110c1510a

  • SHA512

    80c103adb21dee293201edb0d7d7047c05b34b8fae666a147f660b3041a606d2ef9a1f8cbf162b41b595d42d7b13ec32ef3478c81bf8d1934db07dde85b66211

Score
10/10
lampionbankertrojan

Malware Config

Targets

    • Target

      29eeba2cbe0f3f6b119ebcc33f23d13964af26ee744419711aa24c6110c1510a

    • Size

      16KB

    • MD5

      8796bfe9c4735fe01a04125c25e67ed8

    • SHA1

      3c3b3f0ae2617ce7e240e9ae35c023d91addbd0c

    • SHA256

      29eeba2cbe0f3f6b119ebcc33f23d13964af26ee744419711aa24c6110c1510a

    • SHA512

      80c103adb21dee293201edb0d7d7047c05b34b8fae666a147f660b3041a606d2ef9a1f8cbf162b41b595d42d7b13ec32ef3478c81bf8d1934db07dde85b66211

    Score
    10/10
    lampionbankertrojan

    • Lampion

      Lampion is a banking trojan, targeting Portuguese speaking countries.

      trojanbankerlampion

    • Blocklisted process makes network request

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks