Deep Analysis - GitHub Open Source Ransomware | Threat: MEDIUM

File Identity

SHA256: 3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac
Size: 289,280 bytes, PE32 x86 .NET, entropy 4.12, 3 sections
Source: github.com/nguyenvietphat/Ransomware (open source)

Open Source Ransomware

GITHUB RANSOMWARE: ransomware whose source code is publicly available on GitHub - anyone can download it!
Source: git clone https://github.com/nguyenvietphat/Ransomware.git
Files: Ransomware.exe + Ransomware.bat

ENCRYPTION:
  AES_Encrypt / AES_Encrypt_Large <- AES file encryption
  RSA_Encrypt / encryptionAesRsa  <- RSA-AES hybrid
  rsaKey <- embedded RSA key

VSS and Backup Deletion

vssadmin delete shadows /all /quiet & wmic shadowcopy delete
wbadmin delete catalog -quiet

=> Completely deletes restore points! Recovery is impossible.

Other Details

svchost.exe <- target process (injection or masquerading)
winget install --id Git.Git -e --source winget <- Git installation
.torrent    <- torrent file, propagation method?
ToBase64String <- payload encoding
URL=file:///   <- local file access

IOC

SHA256: 3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac
Source: github.com/nguyenvietphat/Ransomware
Encryption: AES + RSA (encryptionAesRsa)
VSS Deletion: vssadmin + wbadmin + wmic shadowcopy delete

GitHubRansomware — Malware Profile

Open-source ransomware on GitHub: github.com/nguyenvietphat/Ransomware. .NET based, AES+RSA hybrid encryption, VSS deletion via vssadmin/wbadmin/wmic. Published for educational purposes, but usable in real attacks.

Malware Type: Ransomware
Programming Language: C#/.NET
C2 Protocol: custom
Target Systems: Global

Capabilities & Behavior

File Encryption (AES/RSA)
Shadow Copy Deletion
Backup Removal
Ransom Note Creation
Persistence
Network Share Encryption
Anti-Analysis Techniques
Double Extortion (Data Leak)

IOC List (2 indicators)

IOC — GitHubRansomware

Type    Value                                                              Note
sha256  3ea6df18492d21811421659c4cf9b88e64c316f2bef8a19766b0c79012476cac   sample hash
url     https://github.com/nguyenvietphat/Ransomware                       source repository

Tags: github-public-open-source-ransomware, nguyenvietphat-ransomware-github, aes-encrypt-rsa-encrypt-hybrid, vssadmin-delete-shadows-all-quiet, wbadmin-delete-catalog-quiet, wmic-shadowcopy-delete-recovery-prevention, ransomware-exe-ransomware-bat-dropper, winget-git-install-git-clone, tobase64string-payload-encode, svchost-exe-target-process