mDeployer

Malware updated 5 months ago (2024-11-29T13:57:46.363Z)
mDeployer is malware that was first observed during ransomware incidents targeting US companies in July 2024. It is part of a new toolkit with two main components: a loader named MDeployer and an Endpoint Detection and Response (EDR) killer called MS4Killer. This toolkit, along with Embargo's ransomware payload, is written in Rust, suggesting that this language is the preferred choice of the group's developers. MDeployer is the primary loader that the Embargo group attempts to deploy on victims' machines within the compromised network. The group has shown that it can adapt its tools during an active intrusion to the specific security solutions it encounters, indicating a high level of sophistication and adaptability in the malware's design and operation. After the ransomware completes its encryption, MDeployer terminates the MS4Killer process, deletes the decrypted payloads and the driver file dropped by MS4Killer, and then reboots the system, making it a particularly destructive piece of malware. These actions underscore the significant threat posed by mDeployer and the need for robust, adaptive countermeasures from cybersecurity professionals.
Description last updated: 2024-10-29T19:58:24.335Z
Aliases: none currently tracked
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Loader
Ransomware
Ransomware P...
Payload
Analyst Notes & Discussion
Associated Malware
| Alias | Description | Association Type | Votes |
|---|---|---|---|
| MS4Killer | The MS4killer Malware is associated with mDeployer. MS4Killer is a highly sophisticated malware that was observed in ransomware incidents targeting US companies in July 2024. It is part of a new toolkit developed by the Embargo group, which includes MDeployer, a loader designed to deploy Embargo's ransomware and other payloads, and MS4Killer, an Endp | Unspecified | 3 |
Source Document References
Information about the mDeployer malware was read from the document corpus below.

| Source Link | Created At |
|---|---|
| BankInfoSecurity | 6 months ago |
| ESET | 6 months ago |
| InfoSecurity-magazine | 6 months ago |