Mallox ransomware: in-depth analysis and evolution
Sept. 4, 2024, 6:49 p.m.
Tags
External References
Description
Mallox is a ransomware family first observed in 2021 that has since grown into a Ransomware-as-a-Service (RaaS) operation. Early campaigns targeted specific companies; later activity shifted to a more generic, opportunistic approach, most likely a consequence of the RaaS model. The malware encrypts files with a scheme that combines elliptic-curve cryptography with the ChaCha20 stream cipher, and that scheme has been revised over time to fix weaknesses found in earlier versions. Victims are spread across many countries, with Brazil, Vietnam and China the most affected. The RaaS pays affiliates on a profit-sharing basis, offering up to 80% of proceeds to affiliates who bring access to large networks. The group runs a data leak site and a negotiation portal on the dark web, and uses social media to publicize its attacks and recruit new affiliates.
Date
Published: Sept. 4, 2024, 4:31 p.m.
Created: Sept. 4, 2024, 4:31 p.m.
Modified: Sept. 4, 2024, 6:49 p.m.
Indicators
df64e87ecb30f4cadf54f2c1b3d3cba8cc2d315db0fd4af2d11add57baa56f6a
db12aacbc394e441e23c1e1d9ce25ca354a554d7362b399e6d0e33770f0e98fe
c4ff97dfb8e0523cc97b6e2987f71e678f1aea05f65ec934e292bb7f0ecc985e
e92f5d73a8cb1aa132602d3f35f2c2005deba64df99dcfff4e2219819ab3fffd
0427a9f68d2385f7d5ba9e9c8e5c7f1b6e829868ef0a8bc89b2f6dae2f2020c4
f7e8a0eac54dd040e2609546fca263f2c2753802ff57e7c62d5e9ccfa04bdb1a
91.215.85.142
Attack Patterns
Remcos RAT
Mallox
T1568 (Dynamic Resolution)
T1567.002 (Exfiltration to Cloud Storage)
T1490 (Inhibit System Recovery)
T1059.001 (Command and Scripting Interpreter: PowerShell)
T1567 (Exfiltration Over Web Service)
T1012 (Query Registry)
T1071.001 (Application Layer Protocol: Web Protocols)
T1562.001 (Impair Defenses: Disable or Modify Tools)
T1573 (Encrypted Channel)
T1491 (Defacement)
T1489 (Service Stop)
T1486 (Data Encrypted for Impact)
T1082 (System Information Discovery)
T1083 (File and Directory Discovery)
T1055 (Process Injection)
T1132 (Data Encoding)
T1027 (Obfuscated Files or Information)
Additional Information
Technology
Healthcare
Energy
Finance
Telecommunications
Manufacturing
Australia
China
Canada
Germany
Brazil