PoC Ransomware with Coinbase Commerce integration built on C# .NET Framework (console) and PHP.
AWare — C# Ransomware
Ransomware with automatic Coinbase Commerce integration created in C# (Console) and PHP
P.S.: AWare is just a proof of concept. With this, you can read the encryption and see how it is used, and thus prevent a real one.
About
Ransomware is a type of virus that prevents access to the user's files on their computer by encrypting them until the user pays a ransom (in this case, $100). After payment, the program automatically verifies the status and decrypts the user's data, then closes the process.
How does it work
When the .EXE is opened, a request is sent to the PHP script with a unique ID of the computer and the name. The server creates a session, creates a password (with which the user's files will be encrypted) and a secret key with which it encrypts the password, and sends the encrypted password to the client. The program decrypts the encrypted password and encrypts the files on the computer, reading the bytes of each file and encrypting them, to be saved afterwards with an .AWare extension; e.g., if you have an image named cat.jpg, it will be encrypted and saved as cat.jpg.AWare.

After that, you are redirected to a page with your session ID. The 'victim' clicks the 'Pay' button and a Coinbase order is generated, while the program sends requests to the server every 10 seconds looking for any payment made under that session. When the payment is completed, AWare decrypts all the files with the '.AWare' extension and renames them, so your image cat.jpg.AWare returns to cat.jpg.
Requirements
PHP 7.0 or Higher
Coinbase Commerce Account
MySQL
Note
This is a concept of a real ransomware operation; AWare is only created for educational purposes.
If you find any problem in the process, you can notify me, and if you want to improve the code or add something to it (I know you won't), you can open a pull request.
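Seen from the defender's side, the behaviour described under "How does it work" leaves two observable traces: a burst of files written as `<name>.<ext>.AWare`, and requests to one server every 10 seconds. The following detection sketch is an added example, not part of the original post or of the AWare project; the telemetry tuples, the process name `sample.exe` and the `example.test` hosts are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

MARKER = ".aware"  # extension the post says is appended; compared case-insensitively

def appended_extension_writers(events, window=60, threshold=3):
    """events: (timestamp_s, process, written_path). Returns processes that wrote
    >= threshold files named <name>.<ext>.AWare within `window` seconds."""
    per_proc = defaultdict(list)
    for ts, proc, path in events:
        name = path.replace("\\", "/").rsplit("/", 1)[-1]
        stem = name[:-len(MARKER)]
        # Count only names that keep an inner extension, e.g. cat.jpg.AWare
        if name.lower().endswith(MARKER) and "." in stem.strip("."):
            per_proc[proc].append(ts)
    flagged = set()
    for proc, stamps in per_proc.items():
        stamps.sort()
        spans = (stamps[i + threshold - 1] - stamps[i]
                 for i in range(len(stamps) - threshold + 1))
        if any(span <= window for span in spans):
            flagged.add(proc)
    return flagged

def fixed_interval_pollers(requests, period=10.0, tolerance=1.0, min_requests=5):
    """requests: (timestamp_s, process, host). Returns (process, host) pairs whose
    request gaps average `period` seconds with little jitter."""
    by_pair = defaultdict(list)
    for ts, proc, host in requests:
        by_pair[(proc, host)].append(ts)
    flagged = set()
    for pair, stamps in by_pair.items():
        if len(stamps) < min_requests:
            continue
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        if abs(mean(gaps) - period) <= tolerance and pstdev(gaps) <= tolerance:
            flagged.add(pair)
    return flagged

# Constructed sample telemetry (not from a real incident)
FILE_EVENTS = [(100.0, "sample.exe", r"C:\Users\u\Pictures\cat.jpg.AWare"),
               (100.4, "sample.exe", r"C:\Users\u\Documents\notes.txt.AWare"),
               (101.1, "sample.exe", r"C:\Users\u\Documents\plan.docx.AWare"),
               (105.0, "editor.exe", r"C:\Users\u\Documents\draft.docx")]
REQUESTS = [(110.0 + 10.1 * i, "sample.exe", "srv.example.test") for i in range(6)]
REQUESTS += [(t, "browser.exe", "news.example.test") for t in (111, 112.5, 140, 141, 200)]

def correlated_alerts(events=FILE_EVENTS, requests=REQUESTS):
    """Processes that show both behaviours, the higher-confidence signal."""
    writers = appended_extension_writers(events)
    return sorted(p for p, _ in fixed_interval_pollers(requests) if p in writers)
```

Either signal alone is noisy (legitimate software also polls on timers), so the correlation of both for the same process is what an alert should key on.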