New Marsilia Ransomware Downloader Found

This week, the SonicWall Capture Labs threat research team analyzed a sample of Marsilia malware, also known as Mallox. This is a multi-stage sample that, when functional, will have a first stage that enumerates system information and creates persistence. The second stage is then downloaded and will perform data extraction and encryption for ransomware purposes.

This is an article about a new Marsilia ransomware downloader. It discusses technical analysis of the downloader and SonicWall Capture Labs’ protection against it.

Highlights

  • The article discusses technical analysis of a new Marsilia ransomware downloader.
  • The downloader is a multi-stage sample that enumerates system information and creates persistence.
  • It then downloads a second stage that performs data extraction and encryption.
  • SonicWall Capture Labs provides protection against this threat.