RansomLord v2 - Anti-Ransomware Exploitation Tool / New Release
2024-1-5 07:10:14 Author: seclists.org(查看原文) 阅读量:13 收藏

fulldisclosure logo

Full Disclosure mailing list archives


From: hyp3rlinx <apparitionsec () gmail com>
Date: Mon, 1 Jan 2024 17:23:50 -0500

RansomLord v2  - Anti-Ransomware Exploitation Tool

[Description]
RansomLord is a proof-of-concept Anti-Ransomware exploitation tool that
generates PE files, used to exploit vulnerable Ransomware pre-encryption.

Lang: C

SHA256 : 8EA83752C4096C778709C14B60B9735CC68A5971DCDB0028A0BB167550554769

This version now intercepts and terminates malware tested from 43 different
threat groups.
Adding Wagner, Hakbit, Paradise, Jaff, DoubleZero, Blacksnake, Darkbit,
Vohuk, Medusa and Phobus. Two are wipers Wagner and DoubleZero supposedly
used against entities in the Ukraine conflict.

Updated the x32/x64 DLLs to exploit ten more vulnerable ransomware
Added -s Security information flag section

Lamer Security engines may incorrectly flag RansomLord DLLs as malicious!
They are NOT! Win32 API export functions are stubs that simply call exit(1)

Generated exploit DLL MD5 file hashes:
x32: DFFBE7F79077E89197334764FE6882F4
x64: 5B54E12B8B944FDF64C091B0E6588E48

[Download]
https://github.com/malvuln/RansomLord/releases/tag/v2

Malvuln
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/


Current thread:

  • RansomLord v2 - Anti-Ransomware Exploitation Tool / New Release hyp3rlinx (Jan 04)

文章来源: https://seclists.org/fulldisclosure/2024/Jan/1
如有侵权请联系:admin#unsafe.sh