Baphomet – Basic Concept Of How A Ransomware Works
This is a evidence of concept of how a ransomware operates, and some strategies that we normally use to hijack our files. This task is written in C# using the web-main software framework 3.1.The major concept of the code is to make it as readable as doable so that individuals have an idea of how this form of malware functions and performs.
Baphomet characteristics
- AES algorithm for file encryption.
- RSA encryption to encrypt important.
- Automatic propagation by way of USB.
- Hybrid encryption system.
- Enumeration of procedures to destroy those people picked.
- Internet relationship take a look at.
- victim info submissions (General public IP, Domainname, Country, OS.model, Town, Device name, and so forth).
- Plan to decrypt the encryption important.
- Application to decrypt encrypted knowledge.
- Hostname list to deliver the victim’s information (redundancy).
- Would not detected to antivirus plans (Date: 11/30/2020 12:25pm).
- Hardcode impression in foundation64 to change wallpaper (Baphomet graphic).
Dynamic options
- Record of directories we want to navigate.
- Listing of legitimate extensions.
- Host record to which we will send the facts.
- Record of procedures that we want to halt in scenario they are operating.
- Techniques to convert base64 to picture or down load the graphic from a url.
- public critical that will be hardcode to encrypt symmetric critical.
Tailor made arrays & var
- Directories we want to encrypt > file: Application.cs line: 25
- Valid extensions to encrypt > file: /Utilities/Crypt.cs line: 31
- Procedures that we want to quit > file: /Utilities/Diagnostics.cs line: 18
- (RSA) Community crucial that encrypts the symmetric vital > file: /Utilities/CryptRSA.cs line: 14
- Hostnames where by we will obtain the vicma data > file: /Utilities/NetInfo.cs line: 65
! In our hosts we ought to have an picture to attain a response position 200.
Assignments
- Baphomet = venture to encrypt information.
- BpahometDecrypt = undertaking to decrypt documents.
- rsa = below we crank out rsa keys to encrypt symmetric crucial with which we encrypt the data files, Also decrypt the symmetric essential that is generated in the victim.
Debug examination
twitter account: @Chungo_
