Home

White Paper

Weaxor: Rebranded Mallox Ransomware with a Unique Payload Delivery Method

Weaxor: Rebranded Mallox Ransomware with a Unique Payload Delivery Method

Seqrite
Pages 18 Pages

This white paper investigates Weaxor ransomware, a rebranded variant of Mallox targeting vulnerable Microsoft SQL servers. It explains how attackers leverage sqlps.exe, obfuscated PowerShell, and Cobalt Strike shellcode for stealthy payload delivery. The document analyzes multiple payload stages, AMSI bypass techniques, process injection, and encrypted communications with C2 servers. It highlights advanced obfuscation and anti-analysis methods used to evade defenses. The paper concludes with IOC details and defensive insights to help organizations detect and mitigate SQL-based ransomware attacks.

Join for free to read

You Might Also Like


Mallox Ransomware: Tactics, Evolution, and Technical Analysis
White Paper Mallox Ransomware: Tactics, Evolution, and Technical Analysis
Seqrite

Zscaler ThreatLabz 2023 Ransomware Report
Report Zscaler ThreatLabz 2023 Ransomware Report
Zscaler

Increasing payload capacity six-fold and simplifying authentication with AWS API Gateway
Case Study Increasing payload capacity six-fold and simplifying…
Marlabs

RANSOMWARE
Ebook RANSOMWARE
Nasuni

More from Seqrite


Mallox Ransomware: Tactics, Evolution, and Technical Analysis
White Paper Mallox Ransomware: Tactics, Evolution, and Technical Analysis
Seqrite

Analyzing the REvil Ransomware Attack
White Paper Analyzing the REvil Ransomware Attack
Seqrite

Operation SideCopy: Targeted Cyber Espionage Campaign
White Paper Operation SideCopy: Targeted Cyber Espionage Campaign
Seqrite

Hackers Widely Abusing Excel 4.0 Macro to Distribute Malware
White Paper Hackers Widely Abusing Excel 4.0 Macro to Distribute Malware
Seqrite
© 2026 Contentree.  All Rights Reserved   |   Privacy and Cookies   |   Legal   |   Do not sell my info