Shulou(Shulou.com)06/02 Report--

This article mainly introduces the example analysis of Golang to achieve blackmail software Bugo, the article is very detailed, has a certain reference value, interested friends must read it!

Background

Recently, through the detection of Qianxin big data platform, more and more malware developers at home and abroad began to use Golang language to develop malware such as remote control and blackmail software.

In the Tongda OA incident not long ago, the attacker used the blackmail software written by Golang and implanted it into the computers of relevant enterprises by pretending to be a plug-in to access OA, successfully bypassing the anti-software software and encrypting enterprise data, causing great losses to the relevant enterprises.

The new blackmail software "Bugo" captured this time is currently being sold in underground forums. The seller said that the contact information and encryption suffix can be customized.

This means that the relevant underground industry groups can generate extortion samples with arbitrary encryption suffixes indefinitely after purchase, and can also be put on the outer layer of several popular obfuscators if the extreme kill-free is considered, which will do great harm. At the same time, in this forum, someone is looking for Arkei Stealer logs tools to be used in the attack process of blackmail software.

Sample analysis

The overall process is as follows:

Copy yourself to the% temp% directory and call CMD to start

Randomly generate the AES key and load the RSA public key, use the RSA public key to encrypt the AES key as the user ID

Traversing the directory

Exclude the following directories

C:\ PerfLogs

C:\ Program Files

C:\ Program Files (x86)

C:\ Windows

The types of encrypted file suffixes are as follows

Encrypted file with the suffix of. [bugbugo@protonmail.com] .bug

Then delete it and pop up the blackmail letter.

The above is all the contents of the article "sample Analysis of Golang's implementation of blackmail software Bugo". Thank you for reading! Hope to share the content to help you, more related knowledge, welcome to follow the industry information channel!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.