Shulou (Shulou.com) 06/01 Report, SLTechnology News&Howtos > Network Security, updated 2025-01-18
This article shares how to use DeathRansom, a Python-based ransomware development platform. The editor thinks it is very practical and hopes you get something out of reading it.
DeathRansom
DeathRansom is a Python-based ransomware platform; the ransomware it generates ships with anti-analysis (bypass) techniques. The tool is for educational purposes only; do not use it for malicious behaviour.
What is ransomware?
Ransomware is malware that encrypts all files on the target device and displays a ransom note to the user stating the amount the attacker demands. Payment is usually required in Bitcoin, with a deadline after which the files will not be decrypted; the attacker may also simply delete the victim's files.
Tool operation mechanism
First, the script checks whether the ransomware is running in an environment such as Sandboxie, a debugger or a virtual machine, and tries to evade those environments.
Next, the tool starts encrypting the target files under the root path defined on line 60 of the deathransom.py script.
Finally, the tool downloads the ransom note script, disables the target device's CMD command line, Task Manager and registry tools, and starts a timer after which the target files are deleted.
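From the defender's side, the last step above leaves a visible trace: disabling CMD, Task Manager and the registry editor on Windows is done through policy values in the registry. The following Python script is an added example (not part of the DeathRansom project) that parses `reg query` style output and reports which of those lockout policies are enabled. The policy names (DisableCMD, DisableTaskMgr, DisableRegistryTools) are the standard Windows policy values; that DeathRansom sets exactly these is an assumption, since the article only says the tools are disabled. The sample registry output is constructed for the example.

```python
import re

# Standard Windows policy values that lock the user out of recovery tools.
# These are the documented policy names; that the tool in the article uses
# exactly these is an assumption (the article only says the tools are disabled).
LOCKOUT_POLICIES = {
    r"HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\System": {"DisableCMD"},
    r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System": {
        "DisableTaskMgr",
        "DisableRegistryTools",
    },
}

# One value line of `reg query` output, e.g. "    DisableTaskMgr    REG_DWORD    0x1"
VALUE_RE = re.compile(r"^\s*(\S+)\s+REG_DWORD\s+0x([0-9a-fA-F]+)\s*$")


def find_lockout_policies(reg_output: str) -> list[tuple[str, str, int]]:
    """Return (key, value_name, data) for every lockout policy that is enabled (non-zero)."""
    findings = []
    current_key = None
    for line in reg_output.splitlines():
        # `reg query` prints the full key path on its own line, then its values indented
        if line.startswith("HKEY_"):
            current_key = line.strip()
            continue
        m = VALUE_RE.match(line)
        if not m or current_key not in LOCKOUT_POLICIES:
            continue
        name, data = m.group(1), int(m.group(2), 16)
        if name in LOCKOUT_POLICIES[current_key] and data != 0:
            findings.append((current_key, name, data))
    return findings


# Constructed sample: what `reg query <key>` prints after such a lockout.
SAMPLE = """
HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Windows\\System
    DisableCMD    REG_DWORD    0x2

HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System
    DisableTaskMgr    REG_DWORD    0x1
    DisableRegistryTools    REG_DWORD    0x0
    SomethingElse    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for key, name, data in find_lockout_policies(SAMPLE):
        print(f"{name}={data} under {key}")
```

On a live host you would feed it the output of `reg query` for the two keys; any enabled value is a strong sign that a recovery-tool lockout has taken place and, once the sample is contained, the values can be deleted with `reg delete` to restore the tools.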
Tool use
First, researchers need to clone the project source code locally with the following command:
git clone https://github.com/ReddyyZ/DeathRansom.git
Next, change into the project directory and run the following commands to install the dependencies:
pip install -r requirements.txt
python3 -m pip install PyQt5
Next, use the following command to generate the key pair, upload the public key to pastebin, copy the raw link, and then change the site address on line 7 of deathransom.py:
python generate_key.py
Convert time_script.py and main.py into exe files. The Python 2 version of pyinstaller is needed to convert time_script.py:
pyinstaller --onefile --windowed time_script.py
To convert the ransom note file main.py, the Python 3 version of pyinstaller is needed:
pyinstaller --onefile --windowed main.py
Finally, upload the generated files to any file hosting service and update the links on lines 28 and 31 of deathransom.py. Then use the Python 2 version of pyinstaller to convert deathransom.py into an exe executable.
Anti-decompilation
Creates many variables to make decompilation harder.
Anti-debugger
Uses the ctypes call windll.kernel32.IsDebuggerPresent() to determine whether a debugger is attached.
Anti-virtual machine
Checks whether the target device's MAC address matches the MAC address prefixes used by common virtual machines.
Anti-Sandboxie
Uses several methods to detect whether the current environment is Sandboxie.
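The four evasion techniques above each leave identifiable strings in the script or in its decompiled form, which is what an analyst triaging such a sample looks for. The following Python scanner is an added example (not DeathRansom code) that searches script or decompiled text for the anti-debug API named in the article, for hard-coded MAC prefixes that belong to hypervisor vendors (VMware and VirtualBox OUIs from the IEEE registry), and for Sandboxie artefact names. Which exact strings DeathRansom uses is not stated on the page, so the indicator list is an assumption, and the sample text it scans is constructed.

```python
import re

# Indicators of anti-analysis logic: (label, compiled regex). Assumed from the
# article's description and general knowledge, not taken from DeathRansom's source.
INDICATORS = [
    ("anti-debug: IsDebuggerPresent", re.compile(r"\bIsDebuggerPresent\b")),
    ("anti-debug: CheckRemoteDebuggerPresent", re.compile(r"\bCheckRemoteDebuggerPresent\b")),
    ("anti-sandbox: Sandboxie artefact", re.compile(r"sbiedll|sandboxie", re.IGNORECASE)),
]

# OUI prefixes registered to common hypervisor vendors (IEEE OUI list).
VM_OUIS = {
    "00:05:69": "VMware",
    "00:0C:29": "VMware",
    "00:1C:14": "VMware",
    "00:50:56": "VMware",
    "08:00:27": "VirtualBox",
}

# A three-octet MAC prefix literal such as "00:0C:29" or "08-00-27"
MAC_PREFIX_RE = re.compile(r"\b([0-9A-Fa-f]{2})[:-]([0-9A-Fa-f]{2})[:-]([0-9A-Fa-f]{2})\b")


def scan_source(text: str) -> list[tuple[int, str]]:
    """Return (line_no, label) for every anti-analysis indicator found in script text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        for label, rx in INDICATORS:
            if rx.search(line):
                hits.append((n, label))
        for m in MAC_PREFIX_RE.finditer(line):
            prefix = ":".join(g.upper() for g in m.groups())
            if prefix in VM_OUIS:
                hits.append((n, f"anti-VM: hard-coded {VM_OUIS[prefix]} OUI {prefix}"))
    return hits


# Constructed sample of script fragments an analyst might see after decompilation.
SAMPLE = """\
import ctypes, uuid
dbg = ctypes.windll.kernel32.IsDebuggerPresent()
VM_PREFIXES = ["00:0C:29", "08:00:27", "00:11:22"]
node = uuid.getnode()
suspicious_dlls = ["SbieDll.dll"]
"""

if __name__ == "__main__":
    for line_no, label in scan_source(SAMPLE):
        print(f"line {line_no}: {label}")
```

The scanner is deliberately string-based so it works on the decompiled output of a PyInstaller-built sample as well as on the original .py files; the "many variables" anti-decompilation trick adds noise but does not hide these API and vendor-prefix strings.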
How to edit the ransom note
To edit the ransom note, you also need to install PySide2. Then open the main.ui file and modify the ransom message as needed.
Tool demo video
Video address: https://www.*******.com/watch?v=N3Km-TpPBp0
PT-BR demo video
The above is how the Python ransomware development platform DeathRansom is used. The editor believes it contains points we may encounter or use in our daily work and hopes you can learn more from this article. For more details, please follow the industry information channel.