216.73.217.80

Analysis of the Lumma infostealer

· Published 27/11/2025 18:43 · Modified 21/12/2025 18:26


Essential information

Tags
2025-11-27 autoit credential-theft infostealer lumma maas nsis phishing process-hollowing windows
Related entities
3 observables, 11 techniques (mitre), 1 malware, 3 others

Description

Lumma is a sophisticated infostealer sold as Malware-as-a-Service and targeting Windows systems. It primarily steals sensitive data such as browser credentials, cryptocurrency wallets, and VPN/RDP account details. Lumma is often used in the initial stages of multi-vector attacks, including ransomware deployment and network breaches, since the stolen credentials give later operators a foothold. The malware is distributed through phishing sites, disguised as pirated software, and uses techniques such as NSIS installer packaging, AutoIt scripts, and process hollowing to evade detection. Because the packaging and scripting layers change frequently, organizations should complement signature matching with behavior-based detection (for example, monitoring for a dropper creating a legitimate Windows binary and then writing into its memory) and integrate threat intelligence on current Lumma delivery infrastructure into their security strategies.
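As an added illustration of the behavior-based detection recommended above (example code written for this page, not part of the original report or of any vendor tooling), the script below applies a simple process-hollowing heuristic to Sysmon-style events: a parent running from a user-writable path or an AutoIt interpreter creates a child that lives under the Windows directory, and shortly afterwards opens that child with memory-write and suspend/resume rights. The event records, GUIDs, paths and timestamps are constructed for the example; the field names follow Sysmon's ProcessCreate (Event ID 1) and ProcessAccess (Event ID 10) events, and the detection window is an assumed value.

```python
"""Heuristic detector for the process-hollowing pattern over Sysmon-style events.

Added example for this page; the events below are constructed, not real telemetry.
"""
import re
from datetime import datetime, timedelta

# Windows process access rights a hollowing loader needs on its victim:
# write the payload into the child and resume its (suspended) main thread.
PROCESS_VM_OPERATION = 0x0008
PROCESS_VM_WRITE = 0x0020
PROCESS_SUSPEND_RESUME = 0x0800
HOLLOWING_MASK = PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_SUSPEND_RESUME

# Parents worth scrutinising: anything in a user-writable location, or an AutoIt interpreter.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|programdata)\\", re.IGNORECASE)
# Victims of hollowing are usually legitimate OS binaries under C:\Windows.
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)
# Assumed correlation window between child creation and the memory access.
WINDOW = timedelta(seconds=10)


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def suspicious_parent(image):
    """True when the parent image is somewhere a dropper typically lands."""
    return bool(USER_WRITABLE.search(image)) or "autoit" in image.lower()


def detect_hollowing(events):
    """Return (parent_image, child_image, granted_access) for each matching chain.

    A match is an Event ID 1 (parent P creates child C under C:\\Windows) followed
    within WINDOW by an Event ID 10 where P opens C with HOLLOWING_MASK rights.
    """
    created = {e["ProcessGuid"]: e for e in events if e["EventID"] == 1}
    alerts = []
    for e in events:
        if e["EventID"] != 10:
            continue
        child = created.get(e["TargetProcessGUID"])
        if child is None or child["ParentProcessGuid"] != e["SourceProcessGUID"]:
            continue  # access did not come from the process that created the target
        granted = int(e["GrantedAccess"], 16)
        if granted & HOLLOWING_MASK != HOLLOWING_MASK:
            continue  # rights insufficient to overwrite and resume the child
        if _ts(e["UtcTime"]) - _ts(child["UtcTime"]) > WINDOW:
            continue
        if not (suspicious_parent(child["ParentImage"]) and WINDOWS_DIR.match(child["Image"])):
            continue
        alerts.append((child["ParentImage"], child["Image"], hex(granted)))
    return alerts


# Constructed sample: one hollowing chain (AutoIt3.exe from %TEMP% -> RegAsm.exe, full access)
# and one benign chain (explorer.exe -> notepad.exe, query-only access).
SAMPLE_EVENTS = [
    {"EventID": 1, "UtcTime": "2025-11-27 10:00:01", "ProcessGuid": "{C1}",
     "ParentProcessGuid": "{P1}",
     "Image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe",
     "ParentImage": r"C:\Users\alice\AppData\Local\Temp\setup\AutoIt3.exe"},
    {"EventID": 10, "UtcTime": "2025-11-27 10:00:02", "SourceProcessGUID": "{P1}",
     "TargetProcessGUID": "{C1}", "GrantedAccess": "0x1FFFFF"},
    {"EventID": 1, "UtcTime": "2025-11-27 10:05:00", "ProcessGuid": "{C2}",
     "ParentProcessGuid": "{P2}",
     "Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"EventID": 10, "UtcTime": "2025-11-27 10:05:00", "SourceProcessGUID": "{P2}",
     "TargetProcessGUID": "{C2}", "GrantedAccess": "0x1000"},
]

if __name__ == "__main__":
    for parent, child, access in detect_hollowing(SAMPLE_EVENTS):
        print(f"possible process hollowing: {parent} -> {child} (GrantedAccess={access})")
```

Sysmon only emits Event ID 10 for processes you include in its configuration, so the rule needs a config that logs ProcessAccess for the parent paths above; it also cannot see the NtUnmapViewOfSection/SetThreadContext calls themselves, which is why the access mask plus parent/child placement is used as a proxy. Legitimate installers and debuggers will trip this occasionally, so treat a hit as a triage lead rather than a verdict.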

External references