
rpgeeganage / file-less-ransomware-demo

Licence: other
Demonstrates a file-less malware approach using JavaScript


This is for educational purposes only.

This project was developed to demonstrate the approach described in my review paper on file-less malware using JavaScript.

Link to the paper: https://www.linkedin.com/pulse/survey-file-less-malware-approach-using-javascript-ruwan-geeganage

3rd party libraries used

  1. RSA encryption library
  2. Base 64 decoding library
  3. Command-line execution mechanism of Poweliks.

This uses an RSA 1024-bit public key for encryption.

This is a POC for a file-less malware approach with JavaScript.

This is ransomware.

The ransomware encrypts the first 23400 characters of PDF, TXT, DOC, DOCX and XLS files inside the Documents folder,
e.g. C:\Users\Victim\Documents\

Registry entry creation

Encryption Module => HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\e

FileReader Module => HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\f

Decoder Module => HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\d

Public Key => HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\pk

Triggering point => HKCU\Software\Microsoft\Windows\CurrentVersion\Run\fileLessRw

The Encryption and File Reader modules are stored in Base64-encoded format.

Execution module

  1. The commands in the triggering point entry read the decoder module and execute it.
  2. The decoder reads the File Reader module, decodes it and then executes it.
  3. The File Reader module reads the encryption module and executes it against all files that satisfy the selection criteria.
  4. The encryption module reads the public key and uses it for encryption.
  5. The encryption module adds a header to each file so that files which are already encrypted can be identified and are not encrypted again.

PAYLOAD.JS contains all the code. Apart from that, no files are involved in or created by the malware.
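
Because nothing is written to disk, the registry layout listed above is the main artefact a defender can look for. The following Python is an added example, not part of the original project: it scans the text of a registry export for those value names. The .reg export input, the function names and the 64-character Base64 threshold are assumptions, and the sample data is constructed.

```python
import base64
import re

CV = r"hkey_current_user\software\microsoft\windows\currentversion"
# (key, value name) -> role, as listed in the README's registry layout.
INDICATORS = {
    (CV, "e"): "encryption module",
    (CV, "f"): "file reader module",
    (CV, "d"): "decoder module",
    (CV, "pk"): "public key",
    (CV + r"\run", "filelessrw"): "triggering point",
}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg_export(text):
    """Yield (key, name, data) for each REG_SZ value in .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := VALUE_RE.match(line)):
            # .reg files escape backslashes and quotes with a backslash.
            yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def looks_base64(data, min_len=64):
    """True for a long string that strictly decodes as Base64."""
    try:
        return len(data) >= min_len and bool(base64.b64decode(data, validate=True))
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False

def find_indicators(text):
    """Return (role, key, name, is_base64) per value matching the layout."""
    return [(role, key, name, looks_base64(data))
            for key, name, data in parse_reg_export(text)
            if (role := INDICATORS.get((key.lower(), name.lower())))]

BLOB = base64.b64encode(b"constructed sample, not real code. " * 3).decode()
SAMPLE = "\n".join([  # constructed export, not taken from a real host
    "Windows Registry Editor Version 5.00", "",
    r"[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion]",
    f'"e"="{BLOB}"', f'"f"="{BLOB}"',
    '"d"="<decoder placeholder>"', '"pk"="<key placeholder>"', "",
    r"[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]",
    r'"OneDrive"="C:\\Users\\Victim\\AppData\\Local\\OneDrive.exe"',
    '"fileLessRw"="<command placeholder>"',
])
if __name__ == "__main__":
    print(*find_indicators(SAMPLE), sep="\n")
```

Registry key and value names are case-insensitive, so the comparison lower-cases both; a real export from regedit is UTF-16 and must be decoded before it is passed in.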
