itsMe Posted December 4, 2021

In this project I created a Ransomware with Python. I used advanced VM evasion techniques, combined with a very strong encryption.

Getting Administrator Privileges
This program uses UAC bypass to get administrator privileges if the user won't give the program the necessary privileges.

Evading Detection
Checking for physical components like: fans, CPU cores...
Checking for registry keys and certain files.
Checking for certain MAC addresses.
Checking for running services and tasks.

Encryption
I used AES-RSA with a 512-bit key (decrypting a 256-bit key would approximately take 2.29 * 10^32 years).

How the Ransomware works
First the program checks if it has admin privileges; if not, it uses the UAC bypass to get the necessary privileges. Then it checks for a testing environment; if it finds one, it will delete itself from the system, else it checks if it has already run before. If yes, then it checks if it is currently running in safe mode: no, enter safe mode; yes, start encrypting. If it didn't run before, then the program writes itself to the registry, reboots into safe mode, and auto starts.

Other explanation:
Do I have admin privileges?
  YES: Am I running on some testing environment?
    YES: Delete itself from the system
    NO: Have I run before?
      YES: Am I inside safe mode?
        YES: start the ransomware
        NO: restart into safe mode
      NO: Write myself to the registry and restart into safe mode
  NO: Use UAC bypass and start all over again

Disclaimer
Use this project for educational purposes only. This is a very harmful project with no option to retrieve the data once executed. I am NOT responsible for anything that you do with this project.