Kaspersky GERT experts have discovered a new ransomware family, Ymir, in Colombia; it uses RustyStealer for initial access and the qTox client to communicate with its victims.
Although the binary does not raise suspicions of being packed, as its entropy is not high enough, the presence of API calls to functions like malloc, memmove and memcmp indicates that it can allocate memory to perform malicious functions.
Allocating memory is suspicious?
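To make the entropy heuristic in the excerpt concrete, here is an added example (not code from Kaspersky or the report) that computes Shannon entropy per window over constructed buffers; the 4096-byte window, the 7.0 bits/byte threshold and the 50% window fraction are assumed triage values, not numbers taken from the report.

```python
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant buffer, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = 4096) -> list:
    """Entropy of each fixed-size window; packed or encrypted content shows up as a run of high values."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def looks_packed(data: bytes, threshold: float = 7.0, min_fraction: float = 0.5) -> bool:
    """Triage heuristic (assumed values): flag the buffer when at least min_fraction of its
    windows reach threshold bits/byte. Plain code and text normally sit well below 7.0."""
    ents = chunk_entropies(data)
    if not ents:
        return False
    high = sum(1 for e in ents if e >= threshold)
    return high / len(ents) >= min_fraction


def triage(data: bytes) -> dict:
    """Summary a reviewer would look at before deciding whether a binary 'looks packed'."""
    ents = chunk_entropies(data)
    return {"windows": len(ents), "max_entropy": round(max(ents), 2), "packed": looks_packed(data)}


# Constructed stand-ins, not real samples: code-like text with ordinary C-runtime call names,
# versus a seeded pseudo-random buffer, which is what packed or encrypted data looks like statistically.
PLAIN_CODE = b"push ebp; mov ebp, esp; call malloc; call memmove; call memcmp; ret\n" * 300
PACKED_LIKE = random.Random(1).randbytes(16384)

if __name__ == "__main__":
    for name, blob in (("plain-code-like", PLAIN_CODE), ("packed-like", PACKED_LIKE)):
        print(name, triage(blob))
```

Names such as malloc, memmove and memcmp are imported by practically every C program, so in triage they are context for the entropy check rather than a signal on their own.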