
Targeted Private Ransomware Builder



#21

Aesculapius

Added:

 

Multi-Threading encryption.

Recycle Bin erasing before encryption is started.


Edited by Aesculapius, 31 January 2021 - 05:24 PM.

  • 0

#22

Aesculapius

Updates:

 

--Added ARP listing (LAN IP addresses that are alive will be mounted as network drives and encrypted if possible).

--Wake-on-LAN. It will wake up terminals in the network that recently went to sleep or were turned off (if BIOS is set accordingly) so they can be encrypted.


Edited by Aesculapius, 31 January 2021 - 05:24 PM.

  • 0

#23

dadd011

 

Characteristics:

 

--Small file size client.

--Builder can steal icons from another executable or load any png or ico file.

--Low antivirus detection without encryption.

--Self delete client after encryption is done.

--Encryption key is erased after encryption, which makes it very hard to recover the key.

--Strong encryption algorithm.

--File extensions to be encrypted can be configured.

--Decryptor is provided (requires encryption key used at the moment of building).

--Totally configurable: client name, ransom message, ransom filename, encrypted extension, directories to be attacked, BTC address, special directories to be attacked.

--Automatic internet updates.

--Fully Tested in Windows 10.

 

Some technical facts:

 

Functionality-wise, everything occurs automatically behind the scenes. When the builder is first opened, a random key is generated automatically (there's a button to change it, though, if you need to create several ransom files). A log file is created containing all created ransom executables' info and also each individual decryption key. It is also possible to customize the directories to attack or let the malware encrypt all.
In targeted attacks you could happen to know which directory or directories are better to encrypt, and in such a case it is better to set only those directories because encryption will be faster and the user will have less time to react.
The builder also lets you configure the encryption extension, so you can add a personal touch to the process like .die or .death or whatever encryption extension you wish to set.
It is also possible to change the ransom note filename and its content; however, default values are good enough. This builder creates targeted malware clients. Targeted attacks are the new technique in attacks where you don't let your malware spread randomly; instead you strike a few valuable computers. This is why the malware, once encryption is done, will delete itself, making forensics harder and key recovery almost impossible.

 

 

2019-10-20-15-56-31-Window.png

 

LAN SPREADING READY:

 

malware-worms-blog-banner-730x300.png

 

Without encryption:

 

XUaFNvfdRX04.png

 

2019-10-12-22-31-14-Window.png

 

2019-10-12-22-31-31-Window.png

 

 

LIVE NONE FUD SAMPLE TO BE TESTED IN VIRTUAL MACHINE ONLY:

 

https://www.upload.e...er_Fix.rar.html

 

Automatic updates video tutorial:

 

https://vimeo.com/365999651

 

How to use:

 

https://vimeo.com/366370243

 

Unique Dynamic Key per User System:

 

https://vimeo.com/367345566

 

https://shoppy.gg/product/5PnGjxh

 

Contact:

 

Discord Server: https://discord.gg/NfWd3kK

xmpp: aesculapius@xmpp.jp

 

 

thanks a lot, have to try it out


  • 0

#24

Aesculapius

Change Log:

 

--RootKit 32&64bit

 

--Client expiration option.

 

--LogOn encryption notification.


Edited by Aesculapius, 31 January 2021 - 05:24 PM.

  • 0

#25

Creativemind

bfguykg


  • 0

#26

nocay


gimme it


  • 0

#27

Aesculapius

Change Log:

 

--New third party backup solutions have been added to the list that will be disabled along with some antivirus services.
--Client now will not only self delete at end of encryption but also physically erase its own sectors in the hard drive to make forensics more difficult.
--A fast files permission changing feature procedure will help capture more files.
--Ransom note will now be copied earlier, before the very start of encryption, both to the Windows logon screen and to a hidden location where it will be shown on every Windows restart. These two measures will help to profit from partially encrypted targets (in case you haven't used the persistence option to ensure restarting after a Windows restart or the computer being turned off).
--New feature will allow to lock user access from his windows account.
--Bootlocker that will show the ransom note at boot level (not available in UEFI Secure Boot protected OS).


Edited by Aesculapius, 31 January 2021 - 05:25 PM.

  • 0

#28

Aesculapius

Change Log:

 

--Startup note improved.

--Uppercase exe and dll extensions excluded from scanning in "all files encryption mode".

--Boot Locker option code improved.

--Windows defender signatures removed.

--Added Safe Mode Encryption (for OSes that support it). It's a good method to avoid antivirus interference, provided the OS can be rebooted into safe mode without user interaction. Encryption is faster in this mode.

After encryption is done, next reboot will be set to normal mode again. LAN shares will also be encrypted in this mode.


Edited by Aesculapius, 31 January 2021 - 05:25 PM.

  • 0

#29

Aesculapius

Change Log:

 

--Added log registry to save the windows LogOn password in case changing it is selected as an option.

--Improved decryptor directories traversing speed.

--Added ability to encrypt impersonating a system process.


Edited by Aesculapius, 31 January 2021 - 05:25 PM.

  • 0

#30

sidou06

Best article I read today, nice work!!


  • 0

