
Locked Ransomware


itsMe


In this project I created a Ransomware with Python. I used advanced VM evasion techniques, combined with a very strong encryption.

Getting Administrator Privileges

This program uses UAC bypass to get administrator privileges if the user won't give the program the necessary privileges.

Evading Detection

    Checking for physical components like: fans, CPU cores...
    Checking for Registry keys and certain files.
    Checking for certain MAC addresses.
    Checking for running services and tasks.

Encryption

I used AES-RSA with a 512-bit key (decrypting 256 key would approximately take 2.29 * 10^32 years).

How the Ransomware works

First, the program checks if it has admin privileges; if not, it uses the UAC bypass to get the necessary privileges.

Then it checks for a testing environment. If it finds one, it will delete itself from the system; otherwise it checks if it has already run before. If yes, then it checks if it is currently running in safe mode: if no, it enters safe mode; if yes, it starts encrypting.

If it didn't run before, then the program writes itself to the registry, reboots into safe mode, and auto-starts.

Other explanation:

    Do I have admin privileges?
        YES, Am I running on some testing environment?
            YES, Delete itself from the system
        NO, Have I run before?
            YES, Am I inside safe mode?
                YES, start the ransomware
                NO, restart into safe mode
            NO, Write myself to the registry and restart into safe mode
    NO, Use UAC bypass and start all over again

Disclaimer
Use this project for educational purposes only.
This is a very harmful project with no option to retrieve the data once executed.
I am NOT responsible for anything that you do with this project.
