This week, the SonicWall Capture Labs threat research team analyzed a sample of Marsilia malware, also known as Mallox.
The sample is multi-stage: when functional, its first stage enumerates system information and establishes persistence. The second stage is then downloaded and performs data extraction and encryption for ransomware purposes. The sample is detected as a .NET binary protected with SmartAssembly, although the main parts of the files’ operations are still in plaintext.
Source: SonicWall Capture Labs