GitHubRansomware

Open-source ransomware published on GitHub: github.com/nguyenvietphat/Ransomware. It is .NET-based, uses AES+RSA hybrid encryption, and performs VSS deletion with vssadmin/wbadmin/wmic. It was published for educational purposes but can be used for real attacks.

Threat Profile
Type: Ransomware
Programming Language: C#/.NET
C2 Protocol: custom
First Seen: 2023
Targets: Global
Purpose / Capabilities
  • Ransomware (Educational)
No C2 servers have been identified for this family yet.

Research Reports (1)

Medium

GitHubRansomware 3ea6df18 -- nguyenvietphat-Ransomware AES-RSA-encrypt vssadmin-delete-shadows wbadmin-delete-catalog-quiet winget-git-install svchost-exe ToBase64String torrent-spreading | Medium

GitHubRansomware 3ea6df18 PE32 .NET x86 289KB. Open source: github.com/nguyenvietphat/Ransomware. AES+RSA. vssadmin delete shadows + wbadmin delete catalog. svchost.exe.
