Overview

overview

10

Static

static

1

Comprovati...23.vbs

windows7-x64

Comprovati...23.vbs

windows10-2004-x64

Comprovati...DF.pdf

windows7-x64

1

Comprovati...DF.pdf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    71b41e46658904eb93c45a0999e66dbc_JaffaCakes118

  • Size

    65KB

  • Sample

    240525-mvz3nadh6z

  • MD5

    71b41e46658904eb93c45a0999e66dbc

  • SHA1

    4c28d22d34c0c0b8afcdbff43915d0904e7bb26f

  • SHA256

    cfb3a1ff4101d761ef1f2c1e63fbb6e82587c520caa1c7915d86c912a6f4b424

  • SHA512

    5ebe797e87f05995c303cb1483a60795446bc3f77df39e185b0084a7b4f528abca10b67d90cb505bfefe76e6e8498ed2a6df394db860abbb95c2ac1d7a5d21bb

  • SSDEEP

    1536:mmRbZgWqbuM+QwNiBONzi9CXIhDO2pQxSq1U5lLl:BbZg5buMCNew4h5pYM5Rl

Score
10/10
lampionbankertrojan

Malware Config

Targets

    • Target

      Comprovativo-de-transferencia-ID-yq5da6zfj6h-PDF-23/Comprovativo-de-transferencia-ID-yq5da6zfj6h-PDF-23.vbs

    • Size

      24KB

    • MD5

      c66f748e72e6070e0e7a99f1e9b3e29c

    • SHA1

      5f1342f7d84032945cb2cfc0935e2c0a1229d3e8

    • SHA256

      6be47a0e90c156e136a72dd94af8d0217fb4152c0dc6171702ceaa306d62e857

    • SHA512

      153ccaf14b33c62be399db5e05463914b7361ed077f80c821d348639f11c6fa228aa31dda6e7ed9064c63f23715bb28190f92dc838de3a969cf5f9a03b3ab10e

    • SSDEEP

      384:zBuvP5UVtahoAPQVpuNzgGXlU+4Lvoty5x4RSKKY6YcceWDX3SMdcjasjfG5ulvg:QZ4PONrlUvp5+/KYrcc7XXcjaZVV

    Score
    10/10
    lampionbankertrojan

    • Lampion

      Lampion is a banking trojan, targeting Portuguese speaking countries.

      trojanbankerlampion

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    behavioral1behavioral2

    • Target

      Comprovativo-de-transferencia-ID-yq5da6zfj6h-PDF-23/Comprovativo-de-transferencia-ID-yq5da6zfj6h-PDF.pdf

    • Size

      8KB

    • MD5

      f7ad5dd9feeb31189b9cf65e07ecb371

    • SHA1

      d328b987a10515a6ea1acad227ba1889c484f17e

    • SHA256

      81570dcab1575ed776624d9d1366b62f183d3265a7b1d857eaef39cb5f66921b

    • SHA512

      f0fcd3842c4f5e81838e5a08fbba5fca451285de0c759aacdf65ae70a544f3c06b46884572d071041f2363b77ba7a946f4bee3298fed67d77adbd2712cbae27b

    • SSDEEP

      192:fUMLRbpmOIlOqPav0/F29jccrCr/yHFJS9LIsfLOoZ21:fUMtbpmOBSkjccumlyLICLOoS

    Score
    1/10
    behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks