Malware Analysis Mamona: Technical Analysis of a New Ransomware Strain
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY :
Mamona is a newly identified commodity ransomware that operates entirely offline, with no observed Command and Control channels or data exfiltration. It uses custom local encryption routines and employs an obfuscated delay technique involving a ping to 127.0.0.7. The ransomware encrypts user files, renames them with the .HAes extension, and drops ransom notes in multiple directories. Despite false claims of data leaks, analysis confirms no actual exfiltration occurs. A working decryption tool has been identified, enabling file recovery. Mamona's simplicity and offline nature make it harder to detect through conventional network-based defenses, highlighting a trend towards easy-to-use, builder-based ransomware that prioritizes accessibility over sophistication.
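With no network channel to observe, detection has to rest on host telemetry. The following added example (not code from the original analysis) flags the two host behaviours named in the summary: a ping to a loopback address, generalised here from 127.0.0.7 to any 127.0.0.0/8 address other than 127.0.0.1, and a burst of renames to .HAes. The event fields, the sample command lines and the threshold of three renames are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample events; the field names are assumptions, not a real EDR schema.
SAMPLE_EVENTS = [
    {"host": "ws01", "type": "process", "cmdline": "cmd.exe /c ping 127.0.0.7 -n 3 > nul"},
    {"host": "ws01", "type": "rename", "new_path": r"C:\Users\a\Documents\q1.xlsx.HAes"},
    {"host": "ws01", "type": "rename", "new_path": r"C:\Users\a\Documents\q2.xlsx.HAes"},
    {"host": "ws01", "type": "rename", "new_path": r"C:\Users\a\Pictures\cat.png.haes"},
    {"host": "ws02", "type": "process", "cmdline": "ping 127.0.0.1 -n 1"},
    {"host": "ws02", "type": "process", "cmdline": "ping -n 4 10.0.0.7"},
    {"host": "ws02", "type": "rename", "new_path": r"C:\Temp\notes.txt.bak"},
]

PING_RE = re.compile(r"\bping(?:\.exe)?\b", re.I)
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
RENAME_THRESHOLD = 3  # assumed: renames per host before the burst is reported


def odd_loopback_ping(cmdline):
    """True when ping targets 127.0.0.0/8 but not the usual 127.0.0.1."""
    if not PING_RE.search(cmdline):
        return False
    for text in IPV4_RE.findall(cmdline):
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:  # e.g. 999.1.1.1 matched the loose regex
            continue
        if addr.is_loopback and text != "127.0.0.1":
            return True
    return False


def detect(events, threshold=RENAME_THRESHOLD):
    """Return {host: [findings]} for hosts showing either behaviour."""
    renames = Counter()
    findings = {}
    for ev in events:
        if ev["type"] == "process" and odd_loopback_ping(ev["cmdline"]):
            findings.setdefault(ev["host"], []).append("loopback-delay-ping")
        elif ev["type"] == "rename" and ev["new_path"].lower().endswith(".haes"):
            renames[ev["host"]] += 1
    for host, count in renames.items():
        if count >= threshold:
            findings.setdefault(host, []).append(f"haes-renames:{count}")
    return findings
```

Calling `detect(SAMPLE_EVENTS)` reports only `ws01`; the ordinary `127.0.0.1` and `10.0.0.7` pings on `ws02` are ignored.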
OPENCTI LABELS :
ransomware,encryption,mamona