lampion | cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8 | Triage

Submit
Reports

Overview

overview

Static

static

cd9d625e9f...a8.msi

windows7_x64

cd9d625e9f...a8.msi

windows10-2004_x64

Sharing

General

Target

cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8
Size

951KB
Sample

220213-nq735sbddq
MD5

9951c45e09990f06bc3e3758062c9ade
SHA1

27ef845a9562b989c38dd6d2eda42d31d7c2a354
SHA256

cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8
SHA512

b97185d2eeec22a2a66cd56f3ca6ee1a4e97c9e1d1ddea24c71ca4d9f7ef4f337c7a1197d08814c4a70870266230891f0798e8c924623291409edfb51b81539d

Score

10^/10

lampion banker trojan

Static task

static1

Behavioral task

behavioral1

Sample

cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8.msi

Resource

win7-en-20211208

lampion banker trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8.msi

Resource

win10v2004-en-20220113

lampion banker trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8
- Size
  
  951KB
- MD5
  
  9951c45e09990f06bc3e3758062c9ade
- SHA1
  
  27ef845a9562b989c38dd6d2eda42d31d7c2a354
- SHA256
  
  cd9d625e9fe6116f5f5e938ae9f693e10529df238b4e2bbd974f6d5c41f96aa8
- SHA512
  
  b97185d2eeec22a2a66cd56f3ca6ee1a4e97c9e1d1ddea24c71ca4d9f7ef4f337c7a1197d08814c4a70870266230891f0798e8c924623291409edfb51b81539d
Score

10^/10

lampion banker trojan
- Lampion
  Lampion is a banking trojan, targeting Portuguese speaking countries.
  trojan banker lampion
- Blocklisted process makes network request
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Loads dropped DLL
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lampionbankertrojan

behavioral2

lampionbankertrojan

© 2018-2024

Terms | Privacy