216.73.216.67

Malware Analysis Mamona: Technical Analysis of a New Ransomware Strain

· Published 07/05/2025 10:43 · Modified 07/05/2025 21:13

Export JSON

Essential information

Published
07/05/2025 10:43
Modified
07/05/2025 21:13
Tags
2025-05-07 encryption mamona ransomware
Related entities
4 techniques (mitre), 1 malware

Description

is a newly identified commodity that operates entirely offline, with no observed Command and Control channels or data exfiltration. It uses custom local routines and employs an obfuscated delay technique involving a ping to 127.0.0.7. The encrypts user files, renames them with the .HAes extension, and drops ransom notes in multiple directories. Despite false claims of data leaks, analysis confirms no actual exfiltration occurs. A working decryption tool has been identified, enabling file recovery. 's simplicity and offline nature make it harder to detect through conventional network-based defenses, highlighting a trend towards easy-to-use, builder-based that prioritizes accessibility over sophistication.

External references