Lumma Stealer v4: Indirect Syscalls & Anti-Sandbox
PUBLISHED: MAR 24, 2026
Executive Summary
Lumma Stealer (LummaC2) remains one of the most prolific infostealers in the current threat landscape. This variant (v4.0) marks a significant shift in evasion tactics: instead of calling the standard Windows APIs, whose user-mode entry points EDR solutions typically hook, it manually implements indirect syscalls. By bypassing those user-mode hooks, Lumma is able to perform stealthy process injection and credential harvesting without tripping the monitoring that depends on them.
Technical Deep Dive
[ Pending — analysis in progress ]
Behavioral Analysis
[ Pending — dynamic analysis in progress ]
Network Traffic
[ Pending — C2 traffic capture and Wireshark analysis in progress ]
YARA Rule
[ Pending — signature development in progress ]
Indicators of Compromise (IOCs)
SHA256: 69e1c6e6db92779a952338294a7c75782c9ad2c48b57289252e3f5287d1c5bd5
C2: collection-services[.]net
C2: update-check-v4[.]ru
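The IOC list above is defanged (the `[.]` notation) and has to be normalized before it can be matched against telemetry. The following Python is an added example, not code from the report: it parses an IOC block in the same "KEY: value" layout, refangs the C2 domains, validates the SHA256, and sweeps a handful of constructed DNS log lines for exact or subdomain hits while rejecting lookalike names such as `notcollection-services.net`. The log format (timestamp, client IP, queried name) and the log lines themselves are assumptions made up for this example.

```python
import re
from typing import Dict, List, Tuple

# Constructed copy of the report's IOC block, in the same "KEY: value" layout.
IOC_BLOCK = """
SHA256: 69e1c6e6db92779a952338294a7c75782c9ad2c48b57289252e3f5287d1c5bd5
C2: collection-services[.]net
C2: update-check-v4[.]ru
"""

# Constructed DNS resolver log lines (timestamp, client IP, queried name).
# They are made up for this example and are not telemetry from the report.
DNS_LOG = [
    "2026-03-24T10:01:02Z 10.0.0.5 collection-services.net",
    "2026-03-24T10:01:09Z 10.0.0.5 cdn.update-check-v4.ru",
    "2026-03-24T10:02:30Z 10.0.0.7 notcollection-services.net",
    "2026-03-24T10:03:11Z 10.0.0.9 update-check-v4.ru.example.org",
    "2026-03-24T10:04:00Z 10.0.0.7 microsoft.com",
]


def refang(indicator: str) -> str:
    """Reverse common defanging so the value can be compared with live telemetry."""
    s = indicator.strip().replace("[.]", ".").replace("(.)", ".").replace("[:]", ":")
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.lower()


def parse_iocs(text: str) -> Dict[str, List[str]]:
    """Parse the 'KEY: value' IOC list into validated, refanged indicators."""
    iocs: Dict[str, List[str]] = {"sha256": [], "domain": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or ":" not in line:
            continue
        kind, _, value = line.partition(":")
        kind, value = kind.strip().upper(), value.strip()
        if kind == "SHA256":
            # Reject truncated or garbled hashes rather than matching on junk.
            if re.fullmatch(r"[0-9a-fA-F]{64}", value):
                iocs["sha256"].append(value.lower())
        elif kind == "C2":
            iocs["domain"].append(refang(value))
    return iocs


def domain_matches(qname: str, ioc_domain: str) -> bool:
    """Exact or subdomain match; 'notfoo.com' must not match 'foo.com'."""
    q = qname.lower().rstrip(".")
    return q == ioc_domain or q.endswith("." + ioc_domain)


def match_dns_log(lines: List[str], domains: List[str]) -> List[Tuple[str, str, str]]:
    """Return (timestamp, client, ioc_domain) for each log line that hits an IOC."""
    hits: List[Tuple[str, str, str]] = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:  # skip malformed lines instead of crashing the sweep
            continue
        ts, client, qname = parts
        for d in domains:
            if domain_matches(qname, d):
                hits.append((ts, client, d))
                break
    return hits


def hash_matches(sha256_hex: str, iocs: Dict[str, List[str]]) -> bool:
    """Case-insensitive comparison of a file hash against the parsed IOC set."""
    return sha256_hex.strip().lower() in iocs["sha256"]


if __name__ == "__main__":
    parsed = parse_iocs(IOC_BLOCK)
    for hit in match_dns_log(DNS_LOG, parsed["domain"]):
        print("DNS hit:", hit)
```

Matching on the registered name plus any subdomain catches hosts such as `cdn.update-check-v4.ru` that a plain string-equality check would miss, while the leading-dot requirement keeps unrelated names that merely end in the same characters out of the alert queue.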