frenzyjae.blogg.se - Crypto locker source code

#CRYPTO LOCKER SOURCE CODE ANDROID#
#CRYPTO LOCKER SOURCE CODE CODE#
#CRYPTO LOCKER SOURCE CODE OFFLINE#

#CRYPTO LOCKER SOURCE CODE CODE#

Recovery Code (32-bit key used by victim for recovery purposes).

Note Text (raw text for the “Ransom Note”).

Wallpaper link (link to attackers desired desktop wallpaper).

Extension (extension used for encrypted files).

You are able to configure the following items: The options available in the builder tool are identical to those in the online RaaS portal.

With these pieces in place, along with the appropriate system configurations for general Golang development, the builder will be able to function. There are no connectivity requirements for simply running the builder.Īlso see: Here We GO: Crimeware Virus & APT Journey From “RobbinHood” to APT28 Essentially, this boils down to installing Golang (and related tools) along with the two required open-source components (Wallpaper, FileEncryption). The Project Root builder is a relatively simple tool, based on Chrome.īefore running the tool, users must ensure that their system is properly setup for Golang development.

#CRYPTO LOCKER SOURCE CODE OFFLINE#

Requests file ( req.py) for hosting setupįor our journey today, we will take a high-level look at the offline Project Root builder as well as some of the source code.

Control Panel and DB setup binaries (hosting and management).

FileEncryption: Cross-platform Golang library for encrypting large files using stream encryption.

Wallpaper: Cross-platform Golang library to get/set desktop backgrounds.

Specifically, we have uncovered functional versions of the offline builder as well as portions of the actual source code. It appears as though, with the “Pro” purchase, buyers are provided with source code for the following (in Golang):

#CRYPTO LOCKER SOURCE CODE ANDROID#

According to Project Root’s portal, any ne’er-do-wells who purchased the Windows or Linux offerings will have to pay again if they want the Android packages. Previous “Pro” buyers are not grandfathered into the new offering.Ĭircling back to the Windows and Linux offerings, our research team has recently intercepted additional artefacts associated with the “Pro” package. For $500 USD (as of this writing) you get access to the Android source code and associated portal and management tools. The Android version is offered in a similar way to the Windows and Linux versions. We have continued to monitor Project Root and its related activities. Since our previous post on this subject, Project Root has also launched an Android version of their toolset. This offering is even more attractive given that the threat is written in Golang, which is relatively simple to read, understand and modify, even for those who are not true coders, and which is becoming increasingly popular in crimeware and APT malware.Īlso see: Looking into Ransomware As A Service (Project Root) | Behind Enemy Lines This allows malicious actors to generate their own payloads from the source, fully independent of the established RaaS portal. We have seen this model before with ATOM, Shark and similar.Įven more interesting though is the ability to modify the source, allowing a malicious actor to deviate or modify the threat to suit their specific needs. The major differentiator between the two being anyone who purchases the “Pro” version gets their own copy of the source code, along with a stand-alone builder app. onion TOR-based portal was advertising both a “standard” and “Pro” version of the service. Project Root didn’t so much burst onto the scene in October of this year, but rather had more of a sputtery start…generating non-functional binaries upon the initial launch. However, by around October 15th, we started to intercept working payloads generated by this service.Īt the time, their. A short while back, we highlighted a recent addition to the Ransomware As a Service (RaaS) universe.