lampion | 643d400cbdcff21ca2c0b8539f6990e22ababc740ced01f466150e44b669edf5 | Triage

Sharing

General

Target

643d400cbdcff21ca2c0b8539f6990e22ababc740ced01f466150e44b669edf5
Size

14KB
Sample

220128-zcnywschep
MD5

af824991d302e19cfe49a158f5aa7320
SHA1

edd17041aa85f80941f973b4db3506752207920d
SHA256

643d400cbdcff21ca2c0b8539f6990e22ababc740ced01f466150e44b669edf5
SHA512

d06ecfc43d22b13db0982120c551078009c6b9b8adf2de5f4d6b432d1aac5a85766a41b17eb730d1397eb522035ff468efadf1f68ad98833bdcb774f625fec35

Score

10^/10

lampion banker trojan

Malware Config

Targets

- Target
  
  643d400cbdcff21ca2c0b8539f6990e22ababc740ced01f466150e44b669edf5
- Size
  
  14KB
- MD5
  
  af824991d302e19cfe49a158f5aa7320
- SHA1
  
  edd17041aa85f80941f973b4db3506752207920d
- SHA256
  
  643d400cbdcff21ca2c0b8539f6990e22ababc740ced01f466150e44b669edf5
- SHA512
  
  d06ecfc43d22b13db0982120c551078009c6b9b8adf2de5f4d6b432d1aac5a85766a41b17eb730d1397eb522035ff468efadf1f68ad98833bdcb774f625fec35
Score

10^/10

lampion banker trojan
- Lampion
  Lampion is a banking trojan, targeting Portuguese speaking countries.
  trojan banker lampion
- Blocklisted process makes network request
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lampionbankertrojan

behavioral2