Dec. 27, 2023, 10:36 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

In the past, as blogged here, we have seen that the Mallox ransomware group has been targeting Indian companies since 2022. Recently, we noticed an update in their PowerShell script, which is the crux of this blog. PowerShell scripts are an important part of the Mallox attack chain because, after initial access to the machine is gained through SQL or RDP, the rest of the activity, such as privilege escalation and executing Remcos RAT, is carried out using PowerShell only.



