Overview

overview

10

Static

static

d1840a5a84...c1.vbs

windows7_x64

10

d1840a5a84...c1.vbs

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d1840a5a846f8799b6b28fd3ece9125a4ac9bf94de13010573723ec3546944c1

  • Size

    10KB

  • Sample

    220625-k2drwsgdb3

  • MD5

    d7a54b62097678df7ad6a0d2871dc342

  • SHA1

    0a0ff21cc2c81d4a7de738d944445e48ed9ef314

  • SHA256

    d1840a5a846f8799b6b28fd3ece9125a4ac9bf94de13010573723ec3546944c1

  • SHA512

    813a82139954ec7669829b8d0cf270657ce64a2d8294a1b35e3d9a6212af3af7905f9e386ad3dff03ba9fddf595c25388620cf01ea29e9ae22798aa7e01b2637

Score
10/10
lampionbankertrojan

Malware Config

Targets

    • Target

      d1840a5a846f8799b6b28fd3ece9125a4ac9bf94de13010573723ec3546944c1

    • Size

      10KB

    • MD5

      d7a54b62097678df7ad6a0d2871dc342

    • SHA1

      0a0ff21cc2c81d4a7de738d944445e48ed9ef314

    • SHA256

      d1840a5a846f8799b6b28fd3ece9125a4ac9bf94de13010573723ec3546944c1

    • SHA512

      813a82139954ec7669829b8d0cf270657ce64a2d8294a1b35e3d9a6212af3af7905f9e386ad3dff03ba9fddf595c25388620cf01ea29e9ae22798aa7e01b2637

    Score
    10/10
    lampionbankertrojan

    • Lampion

      Lampion is a banking trojan, targeting Portuguese speaking countries.

      trojanbankerlampion

    • Blocklisted process makes network request

    • Drops startup file

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks