Overview

overview

10

Static

static

1

Factura-Ja...25.pdf

windows7-x64

1

Factura-Ja...25.pdf

windows10-2004-x64

1

Factura-Ja...25.vbs

windows7-x64

Factura-Ja...25.vbs

windows10-2004-x64

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2db34a93171d1b5053bc368fa88555b0_JaffaCakes118

  • Size

    52KB

  • Sample

    240510-gr6hdaad54

  • MD5

    2db34a93171d1b5053bc368fa88555b0

  • SHA1

    9b7479d5494640634ba05516bf56255e819f9ec7

  • SHA256

    393d5e481f3ae653642be73fee229d0e76ad5c76a9ca52f887a7762c4fd0bbc4

  • SHA512

    93a9044e4a931d6e2db5bfc841bf2ea1d8f549e2223e881b3a032e0fc93c768528defe881ad015cfe6644f9a8186a5b470738c34eae9a4fa4ad7ddc2a8fc5fc7

  • SSDEEP

    768:eieYkrdzeol1MFPJkEqWpKmL38McuEYZUTNAtJOnKbw/yrFHgtvMk308gbfk6JA:eietl1MhJkE5t8MOiiKbV2yIqbfXJA

Score
10/10
lampionbankertrojan

Malware Config

Targets

    • Target

      Factura-Janeiro-2145892315-2019-10_25/Factura-Janeiro-2145892315-2019-10_25.pdf

    • Size

      1KB

    • MD5

      e48bc8e4be510923e076bfb5fd051c99

    • SHA1

      e9b9fe3bb748ce8675c0d6d85b1ac88b00f9d421

    • SHA256

      6b739e9916ce80c6c041ef2576780ef40e6146c23efe06f4c7d497350b992d3d

    • SHA512

      a1703707054110a9b9796007a8a72b557745784b103aad0e0c413abc84d352d221472ef01309111fe52e1b064f7b489efbefd553597556de25a30e4de7f40336

    Score
    1/10
    behavioral1behavioral2

    • Target

      Factura-Janeiro-2145892315-2019-10_25/Factura-Janeiro-2145892315-2019-10_25.vbs

    • Size

      24KB

    • MD5

      bbb4e37dc7a24682f9df59f585d3d39c

    • SHA1

      2a7083c11a32e63d6bab56f735a8b44b3759fafa

    • SHA256

      67508f5f5648be4ef1dcba284592fc1215efdfa90221c01fbda1069a46c956cc

    • SHA512

      6647ea9b16328409c198144be14615983ed89ef9d9243d84a2826fc85b4e4eb72048831d8315e3ccdbc40738d5ecd5249cc718b5bcfbe07fd7847357ca506b33

    • SSDEEP

      768:K3fvCAhLiqxEns40jnqwQRF0T3nf3ZHmao:MpC07qwQ3sXf3hmF

    Score
    10/10
    lampionbankertrojan

    • Lampion

      Lampion is a banking trojan, targeting Portuguese speaking countries.

      trojanbankerlampion

    • Blocklisted process makes network request

    • Drops startup file

    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

2
T1112

Subvert Trust Controls

1
T1553

Install Root Certificate

1
T1553.004

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks