Overview

overview

10

Static

static

1

windows.exe

windows7-x64

10

windows.exe

windows10-2004-x64

10

winvetxvdf33

windows7-x64

1

winvetxvdf33

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    app.zip

  • Size

    35.6MB

  • Sample

    230303-szdccaab25

  • MD5

    0706934b583c6f16658dacde622b069c

  • SHA1

    50b35c7e17d6648506218514de118cc53bace117

  • SHA256

    b2ea2db85701beaa20360d20e80b51c19dc47ca4317825c8b33cf5aebb9f989f

  • SHA512

    1e893025244ce579f1e211d1918af94cab46f3ab235be5233cf47c923e1e3f6d0d46f02eee061ea3d32c9c6df54c14d4d0dc79a810b0efe7c91c64cbd8e94126

  • SSDEEP

    786432:tCQ19npbuoEFfpMz6/fERvqf1Oct3zC/XwmSUbdUceEt77cWYNSUl4s/86Dgrhti:fnluo+2+/fYK1Of/L6WYcc4shgr3jTbG

Score
10/10
lampionbankerevasionpersistencetrojan

Malware Config

Targets

    • Target

      windows.exe

    • Size

      5.3MB

    • MD5

      6fd40c6b89a1719188980d7550fc37fc

    • SHA1

      7e40eaca74b67de2d0cec3046ff25a9102b88560

    • SHA256

      fa967cdd39a4a0bbb104c1723966c81f6c58e3dba6f8ff3371143512b5ce35ea

    • SHA512

      99ebfb328b117041d4feaebe80fa7b4dbeb280daa4e51bd59aef73dce683ab4b292b44c3410b59bec42c5f4e676bb9eb822bd1469a2fdcc8929b8fb9af80fc12

    • SSDEEP

      98304:U/wN6vaQpuq4Tj0TgTQ4M+7LWVNtVPOK2Q3JAH24O6V6DsFR708u:C+VpsTn4h3AYOg2J6Io0l

    Score
    10/10
    lampionbankerevasionpersistencetrojan

    • Lampion

      Lampion is a banking trojan, targeting Portuguese speaking countries.

      trojanbankerlampion

    • Identifies VirtualBox via ACPI registry values (likely anti-VM)

      evasion

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Adds Run key to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    behavioral1behavioral2

    • Target

      winvetxvdf33

    • Size

      89.4MB

    • MD5

      7ae5b871adf23e664bcaa2f0ec561426

    • SHA1

      85d2f4babeffbcae18c518d0fb0c6d9d040fe453

    • SHA256

      52dbc942b17fd3a618c970929abaead0a257e67b46b73545f74bab7b6c4a0286

    • SHA512

      f8de50b722c4076d4711822de1c430314032c22a3015edf0ff0aac2cb1b74506628a8190d1e89fb093b1958d831b2dbbef762fd79e7b33622ac9898c6b4103a7

    • SSDEEP

      786432:i+3Sx3qBAPlNTESksRl0mITsapogDtLIBlsn4U9wlOxngm+Zu6:/SgavcsRfNapeBl6N9wYdZt6

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

Virtualization/Sandbox Evasion

1
T1497

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks