Overview

overview

10

Static

static

vending

windows7-x64

1

vending

windows10-2004-x64

1

windows.exe

windows7-x64

10

windows.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Update.zip

  • Size

    35.7MB

  • Sample

    230119-ax36wadh88

  • MD5

    1c950d3f6ebe961fc40584d71ff2a20e

  • SHA1

    829b36c08b416cde3be333dc2f91eab5ec96fe54

  • SHA256

    3a252ea82333db3b0190b6d1b842b0ef9a6dd4483c4bfb12e5432978e9253ab5

  • SHA512

    2b9c4991bff45a8623e005b8dd7bc700ceaaafbeadb713fdbc279d618ade8d916422724935e4a2f492fd05a4adbbee6afcf614c45cb73827e4405b84495a2256

  • SSDEEP

    786432:f6oCqpfbh7XlE4M1nHFer3hOs3hkhgiSF5Io4VeNp9+t6+Os0Whuhr2Wv9xpXygf:iopNlLGvnIr3hOs3a2iSDNr+4+OYWv9l

Score
10/10
lampionbankerevasionpersistencetrojan

Malware Config

Targets

    • Target

      vending

    • Size

      89.4MB

    • MD5

      3c6ef07082ae5cd1cdbb4c272f1da202

    • SHA1

      4bbc70f293110dae93746e8a1fe7c5a47d1f33ec

    • SHA256

      2bd1e88bcdd6377d1fa2a8f12b1ffec9c1a73e4aeea4a9eea31c359880a17b4c

    • SHA512

      432d6c249b4b000c5cdf9600f8ca3f7771e55d41152abbc398b70a5b8cc5bd3d867a7febbd7b4d07186a519b04a7f552aa25712c099b16ebdb4575a751c73ee9

    • SSDEEP

      786432:DWnlOjGCSS7HFuEW6fuFG1V1vvVxlQor+1CvEizDCp9Gp:+IjzFXW2VxlQsZEaCTGp

    Score
    1/10
    behavioral1behavioral2

    • Target

      windows.exe

    • Size

      5.5MB

    • MD5

      caa7805c7dc283359293bae074cb85ec

    • SHA1

      f21c4880fbf40b8f03ed8954263106d814ac014d

    • SHA256

      e24fbdd85caccbf63428e12d5e0afb7529c6c22469ed7414e80d5a6b9c02ac23

    • SHA512

      206a54b956f7bed6f63a2f08b9ec6b9bec32fb628356e2b6189edea814e403bee385ce46420ca5a4d41e33d6306376c7c605f3645c5c3b85a0f0980d4ba5e8f1

    • SSDEEP

      98304:E6mIaXo6zdDzxzWfqyD+OHSpUijWAsIC0A6NNU4chmX+dLFR:E6mY69zN8HSWijWAsIFA6NNvYmXuLL

    Score
    10/10
    lampionbankerevasionpersistencetrojan

    • Lampion

      Lampion is a banking trojan, targeting Portuguese speaking countries.

      trojanbankerlampion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks