General
-
Target
AnyDeskAPP.msi
-
Size
1.4MB
-
Sample
230118-16qj9aga2w
-
MD5
4e4a4a4eb6a77d72af83b2bbd0698593
-
SHA1
dbaeba54fcae50acc36565d0f61ad73df6df7d45
-
SHA256
58e9f60d0b951029578cc1054668bfee2f00cfa029cfbd01ea65c7f61713a40a
-
SHA512
69785dadc878bd1178672a8f08590eeccd268b4fd2107ae3909e59fba03e7cfa425f690580dfcfa1f5ec3e494e5ef0b7232a16a26c8fbf734ef3887da4044ccb
-
SSDEEP
24576:Y+rwxLNjY3Wx0ECIgYmfLVYeBZrWAv12h2SekeUuyZD6lvs0zqa3:TrMjYMZKumZrWAWTreUuyZD6lvVz9
Malware Config
Targets
-
-
Target
AnyDeskAPP.msi
-
Size
1.4MB
-
MD5
4e4a4a4eb6a77d72af83b2bbd0698593
-
SHA1
dbaeba54fcae50acc36565d0f61ad73df6df7d45
-
SHA256
58e9f60d0b951029578cc1054668bfee2f00cfa029cfbd01ea65c7f61713a40a
-
SHA512
69785dadc878bd1178672a8f08590eeccd268b4fd2107ae3909e59fba03e7cfa425f690580dfcfa1f5ec3e494e5ef0b7232a16a26c8fbf734ef3887da4044ccb
-
SSDEEP
24576:Y+rwxLNjY3Wx0ECIgYmfLVYeBZrWAv12h2SekeUuyZD6lvs0zqa3:TrMjYMZKumZrWAWTreUuyZD6lvVz9
Score10/10-
Lampion
Lampion is a banking trojan, targeting Portuguese speaking countries.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Blocklisted process makes network request
-
Executes dropped EXE
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-