216.73.216.86

Beyond Signatures: Detecting Lumma Stealer with an ML-Powered Sandbox

· Published 25/09/2025 23:21 · Modified 26/09/2025 11:41

Export JSON

Essential information

Published
25/09/2025 23:21
Modified
26/09/2025 11:41
Tags
2025-09-25 anti-analysis autoit evasion techniques lumma stealer machine learning nsis persistence sandbox
Related entities
1 observables, 9 techniques (mitre), 1 malware, 3 others

Description

This analysis focuses on a new variant of , a malware that reemerged after a brief hiatus following a law enforcement operation. The article details the malware's code obfuscation, , and mechanisms. It describes Netskope's -based detection approach, which utilizes a Cloud enhanced with ML models to analyze runtime behavior, process trees, and other features. The specific sample analyzed is an installer file that abuses for malicious purposes. The malware employs various techniques and establishes through the Windows Startup folder. Netskope's multi-layered threat protection system successfully detected this variant.

External references