lampion | e24579a71df587a0eb35b584ce823fe05ba9dc07b1239834e0d8fc065513e645 | Triage

Sharing

General

Target

ww.zip
Size

64.3MB
Sample

230314-qhxcsahd9w
MD5

ea84c24f3b91b5ee1e9f2bda0ff241e5
SHA1

199ee70db0e7c2ffe7c86c44f4620bb852ead752
SHA256

e24579a71df587a0eb35b584ce823fe05ba9dc07b1239834e0d8fc065513e645
SHA512

377fccc7a4ed5bfe1bef853ea53d7a71bd7190edeeb230169276f499331efeb54de30a439005f8d413efc92a91095dbe0d2b84885d1af54c58427f9cf1d92ed2
SSDEEP

1572864:ZCGV5760Cpr/o+U2CDL+e0MPAUee0L8fu1xMECG7mng80ulDdT7ax/BI6DlSJAMu:lV5DCpr/o12C/XPAUe94u1aECGqngARy

Score

10^/10

lampion banker evasion persistence trojan

Malware Config

Targets

- Target
  
  casarowtt
- Size
  
  89.4MB
- MD5
  
  4a0cb5b23a8525f8f528b6886adf2a99
- SHA1
  
  bd9e8a75e7dc107ab616b6096c825b31fe277a54
- SHA256
  
  586285d193ada7a57f679255585084dd3f216fd16409c68c1d88a7e2e8af02c7
- SHA512
  
  924186c01eaa7ed20c247de8fa778a45e80ebd92757f4de6b32802512763769f82ae42161f13013c033d279d040952aa6d840f03c610e01332f4ee00c246c073
- SSDEEP
  
  1572864:z6IND8VgMOBpUQezl1W+VeiXanwcG1re2fazNEwEtA9l5v:uIis3v
Score

1^/10
behavioral1 behavioral2
- Target
  
  custsat.dll
- Size
  
  33KB
- MD5
  
  1ff80ebe5082a13d02253b415aa26f60
- SHA1
  
  7da7551ec7f3f1e606edf9313595e4ebe45ac8d1
- SHA256
  
  e0088b6361c7ea8e611ba32542beff7ac12955991c82a5fe9ef5d9a97d6ca14f
- SHA512
  
  8c33e9427227835229d27f59206e55cd98c372e6a20981c6b0518a5f9b81c127b0f40276c21adac06a433c1947ab56f7f2166135d184dec1162b5071e3037e90
- SSDEEP
  
  768:8UEt7dso9+bc7m+S45ii3iiHUM6cST2WENZ3gUpSS:LEZyoE/AtXUbcSSWENdgUV
Score

1^/10
behavioral3 behavioral4
- Target
  
  dsssdvreeed55
- Size
  
  89.4MB
- MD5
  
  349469b29044b15479728db1648caa73
- SHA1
  
  a627cac57e680402f09a4f90d93aeaffb513291e
- SHA256
  
  93955773f05cac6f5f449326b3b0bde52d0f9e7ed1b8aa6aa1c7baaf3faabe18
- SHA512
  
  e1f800a6844260a0b1e8c1a9398e5262b675f0bbe70aa0ac05a0d80c7a3f5a9ff1007a64f6811a64d693dae2c3e4d90af75acc3e45003a6c7b8691721b16cdb3
- SSDEEP
  
  786432:zUNDIyixRr1h1KZAN1xwVF6zDYCBg0LL1dtIURNf5:6DtKt1/KeXxMCBhLxdtIUH5
Score

1^/10
behavioral5 behavioral6
- Target
  
  msvcr80.dll
- Size
  
  3.6MB
- MD5
  
  201aab8f194ab13b82ca039a6a9e4a8e
- SHA1
  
  27275cdbf3b4e89430e2faa46ec40fd9790172e0
- SHA256
  
  de0c0334bd84c0b0f3d52b0181842263e46e4e7a3e3b5c3939cfc541c11a81e1
- SHA512
  
  d9c23e3eca7c4937239ec942d45be7a59938de4fed562c7d6c1d1c18746c96c90b099e7b58da876aaef88f2fd2197890a1fd91b6e57b97652767cbd066b90c22
- SSDEEP
  
  98304:p7N760QYYqZMfCG4KRZv9QdqXzKm0s4vB7v:ptmiMfb4KpQdmzIvB
Score

9^/10

evasion trojan
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral7 behavioral8
- Target
  
  windows.exe
- Size
  
  213KB
- MD5
  
  7fb1c5dfc2605843cec69a6fc4e96576
- SHA1
  
  b5e591d23a3798b89648033760d3710a403b32be
- SHA256
  
  330c1d3dd702af11b01ae38ced101e4c4217816e4887e9ebffe2e529cdc857d5
- SHA512
  
  0c62d01a97d01044a7f4083f2cf6a0e18397bc50cc9f0847bf6da2f604d1d89cd3010d005785077aca2d8249f870f2817a6b4d845235cda55ac5519aee5dc1b7
- SSDEEP
  
  6144:QPF/ZUebo8fKrnfc6cU2btV0h7FusG/oImYM:IF/ZzRoImYM
Score

10^/10

lampion banker evasion persistence trojan
- Lampion
  Lampion is a banking trojan, targeting Portuguese speaking countries.
  trojan banker lampion
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Adds Run key to start application
  persistence
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral10 behavioral9

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Virtualization/Sandbox Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

lampionbankerevasionpersistencetrojan

behavioral10

lampionbankerevasionpersistencetrojan