lumma | 83d3aef245395dd0ea2083c83a31c078c9f03ce03ef814469551198f479a393f | Triage

Submit
Reports

Overview

overview

Static

static

1

EvdoPac.exe

windows10-ltsc 2021-x64

Sharing

General

Target

EvdoPac.exe
Size

1.5MB
Sample

250103-xl58es1lar
MD5

8b840f3b5249e7f6ed0a4ee2783ee92d
SHA1

5a0b00302f78973f95b18b5067552762d379454f
SHA256

83d3aef245395dd0ea2083c83a31c078c9f03ce03ef814469551198f479a393f
SHA512

1dea0caed131feb170cc09ed7487a2fad0aa13351c880138927a31dfc837332cc2784719a4692d9e756abb743b28b6a6a645cac9adeabed007554d2dc9818b80
SSDEEP

24576:fdH6Z2HNCbGb4tkv+iWeK0rv1qW9aHCj3CAeAw0G9stWlaEhbgLoLCRooCtE:5Eab4pi/qW9qV0GutWbgUW5

Score

10^/10

lumma discovery stealer

Static task

static1

Behavioral task

behavioral1

Sample

EvdoPac.exe

Resource

win10ltsc2021-20241211-en

lumma discovery stealer

windows10-ltsc 2021-x64

17 signatures

300 seconds

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Targets

- Target
  
  EvdoPac.exe
- Size
  
  1.5MB
- MD5
  
  8b840f3b5249e7f6ed0a4ee2783ee92d
- SHA1
  
  5a0b00302f78973f95b18b5067552762d379454f
- SHA256
  
  83d3aef245395dd0ea2083c83a31c078c9f03ce03ef814469551198f479a393f
- SHA512
  
  1dea0caed131feb170cc09ed7487a2fad0aa13351c880138927a31dfc837332cc2784719a4692d9e756abb743b28b6a6a645cac9adeabed007554d2dc9818b80
- SSDEEP
  
  24576:fdH6Z2HNCbGb4tkv+iWeK0rv1qW9aHCj3CAeAw0G9stWlaEhbgLoLCRooCtE:5Eab4pi/qW9qV0GutWbgUW5
Score

10^/10

lumma discovery stealer
- Lumma Stealer, LummaC
  Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
  stealer lumma
- Lumma family
  lumma
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Enumerates processes with tasklist
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lummadiscoverystealer

© 2018-2025

Terms | Privacy