lampion | 8002d87b9e8d6211c4748894cdb039eee927bc5777d3c5db52409e8cbab31715 | Triage

Sharing

General

Target

8681d7bd5c2d5ceff7611cb07ea020c1_JaffaCakes118
Size

11KB
Sample

240531-la9kxsea54
MD5

8681d7bd5c2d5ceff7611cb07ea020c1
SHA1

28827a904d6c9808aa0ba72a1fe2c4a0930ebdf0
SHA256

8002d87b9e8d6211c4748894cdb039eee927bc5777d3c5db52409e8cbab31715
SHA512

b6891de86f450b06e19a76ee6488d61b5af326dc076475c87d64b64c053baca00c4d8a8ad80fe73e67ca032593e49e4c932e4531a619d4bc3262eb9db7d61d4b
SSDEEP

192:E9FeVYIAvL5ojSBcaRZpA4zeOI4KhMort6lI4Ob6F7Nz1lSA9HYBzv++365q:EeVaqjSBd64KXtD4ObUTSA9y3kq

Score

10^/10

lampion banker trojan

Malware Config

Targets

- Target
  
  8681d7bd5c2d5ceff7611cb07ea020c1_JaffaCakes118
- Size
  
  11KB
- MD5
  
  8681d7bd5c2d5ceff7611cb07ea020c1
- SHA1
  
  28827a904d6c9808aa0ba72a1fe2c4a0930ebdf0
- SHA256
  
  8002d87b9e8d6211c4748894cdb039eee927bc5777d3c5db52409e8cbab31715
- SHA512
  
  b6891de86f450b06e19a76ee6488d61b5af326dc076475c87d64b64c053baca00c4d8a8ad80fe73e67ca032593e49e4c932e4531a619d4bc3262eb9db7d61d4b
- SSDEEP
  
  192:E9FeVYIAvL5ojSBcaRZpA4zeOI4KhMort6lI4Ob6F7Nz1lSA9HYBzv++365q:EeVaqjSBd64KXtD4ObUTSA9y3kq
Score

10^/10

lampion banker trojan
- Lampion
  Lampion is a banking trojan, targeting Portuguese speaking countries.
  trojan banker lampion
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lampionbankertrojan