A next generation of ransomware. Fully written using a .Net Framework + C&C System
Created By: Guilherme Bacellar Moralez
This code is created and maintened only for a research proposal. Please do not use for other proposes.
Please, do not run the code with a release profile. It can be seriously dangerous. Really!
This project has a 2 main objectives:
-
Malware Side
- Prove that's possible to write a viable "product" using the .Net Framework
- Prove that is hard and painfull to anti-virus to detect this kind of virus
- Understand the execution enviroments
- Understand the technical challenges to create a real and operational ransomware
- Provide code and samples to AV companies and Security researchers
-
C&C (Command and Control) Side
- Build a state of art C&C system, using the latest tecnologies to prevent the backend hijack and invasion
- Create a viable, safe and secure comunication channel between the malware and C&C infrastructure without using SSL certificates
- Build a reversion proof C&C database system, using a in-memory storage and advanced cryptographic algorithms
Attention: The Ransomware execution is locked using a hard coded rule to run (hijack files) at d:\temp - Locate the "ConfigurationManager.cs" for more informations.
To Hijack Files: Just run the binary (GoogleUpdate.exe)
To Restore Files: Run (GoogleUpdate.exe --decrypt)