November 8, 2022 at 1:07 AM
Hello. I am looking to expand my service to the community and provide an effective method of generating money, as well as a learning experience for many.
I am looking to start active development (on the side of my pre-existing project) on an open-source and fully customisable ransomware / wiper malware.
If you have any wants and needs or suggestions for this please comment below and the thread will be updated with TODO.
It will be developed in C++ and have documentation steps.
Wiper is coded in C# for performance testing
KEY:
- Done
- Not done
TO-DO
- implement MBR hijacking (customise destruction of MBR sector or n/a)
- setup check to see what sort of OS is being run
- implement web-interface for easy access and tracking of victims.
- implement customisable C&C server connections (retrieval of data for extortion)
- code initial wiper for standard wiping (currently it is a separate program but in future I will make a dropper for it)
- setup optional wiper dropper to prevent Windows from restarting in safe-mode (add warning to readme.txt on victim device)
- implement AD AS network spreader (not important right now but will setup at later date)
- implement different architectures - x32 x64 x86_x64 (main distros - Linux, Windows XP - 11/10, mac (later))
- keep file size small
- easy file binding
- use AES-256 encryption over RSA 2048 encryption. (RSA 2048 has smaller bit security than AES-256)
- use invoke obfuscation by default
- forge software signature
- implement sandbox aware option (if in sandbox - run intended file-bound function e.g - pdf file etc)
- add whitelist and blacklist of "bad" and "good" programs to keep running (e.g - processhackers, wireshark, av software)
- setup optional feature "sleeper_agent" - waits set amount of time before activation - good for waiting for spread
- setup means of transportation of files / folders / data (TLS most likely because tor is slow)
- implemented worm feature (network spreader in progress but automatic mail spreader has been set up)
- disable internet when executed
- force UAC on execution
- create temp ransom note
- create GitHub page
For testing I recommend you use a VM. Sandbox aware has not been setup yet so test it out while you can!
This will destroy your computer so be careful.
I have added a worm feature to the development stage to aid in spreading. It is limited to mail connections so far and will be expanded.