lampion | f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987 | Triage

Submit
Reports

Overview

overview

Static

static

f085588cf0...87.msi

windows7_x64

f085588cf0...87.msi

windows10-2004_x64

Sharing

General

Target

f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987
Size

951KB
Sample

220213-nq5m1sbddn
MD5

e2c5416931f1c9369fb55e7adcf6364b
SHA1

57c960dc13b433a3fe3225b884fcbccc01c00c36
SHA256

f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987
SHA512

96e666f61ad0e1e1c9146b31ea94622004e9dcdd082372e5ae7dada1c3aa28538d506c870502be8b381170a2d60ea470e196141de0affab232d8a106fa4ca51e

Score

10^/10

lampion banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987.msi

Resource

win7-en-20211208

lampion banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987.msi

Resource

win10v2004-en-20220113

lampion banker trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987
- Size
  
  951KB
- MD5
  
  e2c5416931f1c9369fb55e7adcf6364b
- SHA1
  
  57c960dc13b433a3fe3225b884fcbccc01c00c36
- SHA256
  
  f085588cf016993e6298640bf797c1d31b61a8087a3240d517a53a5a58474987
- SHA512
  
  96e666f61ad0e1e1c9146b31ea94622004e9dcdd082372e5ae7dada1c3aa28538d506c870502be8b381170a2d60ea470e196141de0affab232d8a106fa4ca51e
Score

10^/10

lampion banker trojan
- Lampion
  Lampion is a banking trojan, targeting Portuguese speaking countries.
  trojan banker lampion
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lampionbankertrojan

behavioral2

lampionbankertrojan

© 2018-2024

Terms | Privacy