lampion | 79aaa08982958ac5fa37e3709a6787619777e11af773609fd974095dfdb0f0fa | Triage

Sharing

General

Target

79aaa08982958ac5fa37e3709a6787619777e11af773609fd974095dfdb0f0fa
Size

13KB
Sample

220128-yxbcvscha5
MD5

a391a83144aa1e33912e38930291711b
SHA1

9bbb973ff85117591f1163a5fffb035f92689bac
SHA256

79aaa08982958ac5fa37e3709a6787619777e11af773609fd974095dfdb0f0fa
SHA512

22441b5a2490c7bc2f9e9c582b485fb146958e58db680eb78d174c6b75d091e6ad9953811916f20fd3ebda69c161b8676e1b4b57aca0e223c51b43f2249e5cb7

Score

10^/10

lampion banker trojan

Malware Config

Targets

- Target
  
  79aaa08982958ac5fa37e3709a6787619777e11af773609fd974095dfdb0f0fa
- Size
  
  13KB
- MD5
  
  a391a83144aa1e33912e38930291711b
- SHA1
  
  9bbb973ff85117591f1163a5fffb035f92689bac
- SHA256
  
  79aaa08982958ac5fa37e3709a6787619777e11af773609fd974095dfdb0f0fa
- SHA512
  
  22441b5a2490c7bc2f9e9c582b485fb146958e58db680eb78d174c6b75d091e6ad9953811916f20fd3ebda69c161b8676e1b4b57aca0e223c51b43f2249e5cb7
Score

10^/10

lampion banker trojan
- Lampion
  Lampion is a banking trojan, targeting Portuguese speaking countries.
  trojan banker lampion
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lampionbankertrojan

behavioral2