Small ransomware awareness campaign with proof of concept…
- Ransomware: type of malware which encrypt all your files.
- Encryption: simple locker which will lock specific files with a key. You can’t unlock them without key.
- Example: Suppose I have data which contains some personal information and also an key. And I encrypt like below:
//Settings...
data = 10
key = 20
//Encryption...
data + key = 30
//You need 2 variable values to recover 3rd value.
//Decryption...
data = 30 - key
data = 20
//You can't recover data without a key.Features
- Tiny around 5–7 KB
- Coded under 100 lines
- Allowed file extension specification.
- Supports .net framework v2.0—5.x
- Supports win7–win10 both 86/64 bit
- AES 32 bit encryption
Configure
First set these all settings in RunSomeAware.cs and then run compiler_v2.0.bat or compiler_v4.0.bat.
C#
- Key: A key to lock or unlock files.
- Crypted File Extension: encrypted files will use this extension. e.g
{ ".graysuit", ".cry" ...};etc. - ParentDirectory: directory where runsomeaware start encrypting files and folders.
- Allowed File Extension: files with specific extension which would be encrypted and other would be skipped. e.g
{ ".png", ".doc", ".pdf", ... };etc. - Encryption Mode: Specify whether you want to encrypt or decrypt files. i.e
Mode.Encrypt or Mode.Encryptetc.
Compiler Example’s
Examples contain various examples showing how to set:
- compiler_Assembly_Changer.bat : Change assembly info details of output execuatble. e.g CompanyName,FileVersion,CopyRight etc
- compiler_Icon.bat : Change icon of output execuatble.
- compiler_Optimize.bat : Optimize output execuatble file size.
- compiler_Run_As_Admin.bat : Make output execuatble to always run as administrator.
- compiler_help.txt : Contains some info about csharp compiler arguments.
Dark Mode
RunSomeAware (this link opens in a new window) by DarkSecDevelopers (this link opens in a new window)
Small ransomware awareness campaign with proof of concept