
ANY.RUN Releases Technical Analysis of DEVMAN Ransomware Built on DragonForce RaaS
DUBAI, DUBAI, UNITED ARAB EMIRATES, July 1, 2025 /EINPresswire.com/ -- ANY.RUN, a trusted provider of cybersecurity solutions, has published a new technical analysis revealing a ransomware variant that blends traits of DragonForce and Conti families with indicators of a newer actor known as DEVMAN.
DEVMAN: A New Threat Actor Targeting Enterprises
DEVMAN is a relatively new actor that has recently emerged under this name, featuring its own Dedicated Leak Site (DLS) called Devman's Place, a separate infrastructure, and nearly 40 claimed victims, primarily in Asia and Africa, with occasional incidents in Latin America and Europe.
DEVMAN Ransomware: A Hybrid Threat
The analyzed sample, initially labeled as DragonForce by antivirus engines, was revealed to be a lightly modified build. It appends the ".DEVMAN" extension to encrypted files, scrambles filenames using a deterministic function, and, due to a builder flaw, encrypts its own ransom notes before victims can read them.
Key Findings of the DEVMAN Analysis Include:
· Local execution: No external C2 traffic was detected; all behavior is confined to the local system.
· SMB probing: The sample attempts to access hardcoded SMB shares such as ADMIN$.
· Conti-style persistence: The use of mutexes and the Windows Restart Manager mirrors tactics from Conti and DragonForce campaigns.
To explore the full technical breakdown and see how DEVMAN behaves inside the sandbox, visit the ANY.RUN blog.
About ANY.RUN
ANY.RUN offers a comprehensive suite of cybersecurity solutions, including their Interactive Sandbox and advanced Threat Intelligence services. Trusted by over 15,000 companies worldwide, ANY.RUN enables dynamic malware analysis across Windows, Linux, and Android systems.
In addition to sandboxing, ANY.RUN provides Threat Intelligence Lookup, Feeds, and YARA Search, helping security teams detect, investigate, and respond to threats with greater speed and accuracy.
The ANY.RUN team
ANYRUN FZCO
+1 657-366-5050