Hi guys I am very pleased for the opportunity of being able to offer you my products and services. I have been developing malware for many years and update my products frequently. Thanos Private Ransomware Builder. Here some images: https://i.postimg.cc/JhRDd4MB/2019-1...2-1-Date-2.png https://i.postimg.cc/hPSGBZNH/2019-1...on-Options.png https://i.postimg.cc/5yfffjKw/2019-1...er-Utility.png Ransomware Builder is designed for both individual attacks and companies attacks. These are the main characteristics of the product: --Main aspects. --Low detection rates. Typically 2/26 without a crypter although it's advisable to use it. --Works well and it has been thoroughly tested from Windows Server 2008 and up. --Easy to use attractive interface. Creation of a ransomware client is as easy as three steps: 1. Change bitcoin address to collect the ransom, 2. Type email for contact (anonymous email service) and ransom amount, 3. Click Build. Interface has contextual help. Any option where you hover the mouse will indicate how to use. If you make mistakes, the builder will indicate the problem and how to correct it. --Unattended updates. The builder updates automatically without user interaction using our update server. All you need to do to get updated is open your builder and wait for the update to be downloaded and restarted. --Strong Encryption system. It is impossible to recover the files without the right keys. We use American Government Encryption standard for communications with a large encryption key AES / RSA combination. Unique encryption key per computer. Even computers in the same network will require a different decryption key. In companies ransomware attacks there is the option for a single key for the whole network too. Encryption algorithm is fast and efficient so encryption will take place very fast. We have rated it at 6000 files / 15 min for single threading version (multi-thread also available). 
--Configurable ransom note and ransom note filename. The builder includes a pre-configured note where all you need to change is ransom amount and email, however you can change it completely or partially. --Configurable encryption extension and extensions to encrypt. Builder comes with a predefined encryption extension. So all files will be encrypted and renamed to that extension. You can change that so you can give a personal touch to your ransomware like .die or .fun or .encrypted or whatever. Target files extensions can also be configured. A large list of typical companies databases is already set but you can add more if you wish. You also have the option to exclude extensions, as well as not changing extension at all. --Full or partial encryption. Partial encryption size is also configurable. Files over that limit are partial and below are fully encrypted. --Automatic decoder. Decoder is pretty much automatic. All you do is input the decryption key and push decrypt button. --Detailed creation log. Includes ransomware file name, compilation password, bitcoin address for ransom, time of creation and encryption extension, static key if used. --Small size client. Code is on-demand, so different options change client size but it can be from 20-40Kb. --Full offline encryption. --Data Stealer: You can steal sensitive data from the victim before encryption and upload to your ftp controls server. --General options. --Customized icon. You can and should select an icon for your ransomware client. This icon can come from an .ico file or a .png file or you can even steal the icon from any executable file. You have the option of drag & drop the icon file or select it. --Self-Delete: Ransomware client will delete itself after encryption is done to prevent forensic analysis. --Persistence: Ransomware client will survive restarts and continue encryption after that. 
--Ransomware client can be set to run as a critical process (produces a BSOD in case you attempt to close it in task manager). --Random Assembly: Ransomware client will be created with all assembly fields filled with random data so it can not be easily flagged by antivirus. --Anti-VM: Client can be set to graciously exit in case it detects it is running in a virtualized analysis environment. --Kill Windows Defender: Client can be set to kill windows defender so it can not be turned back on. --Kill other antivirus. At the moment the ransomware can cripple AVG and Malwarebytes depending on version and Platform. --Kill Windows AMSI. This will ease evasion in case the antivirus uses AMSI technology. --Deceiving message: Show a fake message while melting to a hidden directory. --Unlock operative system locked files. Files blocked by the OS will be released and encrypted. --Client can be set as admin too facilitating the encryption of a larger number of files. --Immortal Process: Client can be set as an immortal process, so not even process hacker or similar tools can terminate it. --Maximum file size to be encrypted can be configured too. Default for companies is 100 Gb but it can be increased. --FTP logger. You can set an ftp server to receive information from victims like Name, IP, number of files affected, time of attack, Unique Key Id of target etc. --Wallpaper changer: The client can download and change the target wallpaper at the very end of encryption process. --Ransom note multiplication. In case the user decides to erase the main ransom note in the desktop, one additional note is created in each directory where encrypted files are located. --Mutex. Ransomware client can be run only once to avoid double ransom. --Erases Recycle Bin. --Advanced features. --Fully configurable attacks. Ransomware can be set to automatically discover drives (including network and removable) or you can set selective attacks on specific drives or even directories. --LAN Spreading. 
As this ransomware is designed with companies in mind, it can spread from one computer to another in the same LAN or even from a VM to its host if writing permissions are present. --Strong obfuscation against forensics. Your ransomware client is created already strongly obfuscated so it's very complex to analyze or grab any data from it. And even so, detection rates are very low. --Dynamic code. Only the code belonging to the options you select are included in the client. If you un-check an option then that code is dynamically removed. --Polymorphism. No client is identical to the previous one. Code is rearranged and random code is added at different locations in each build. --Different compilation platforms. You can create your client ransomware for a specific platform for better speed and compatibility. --Multi-Threading encryption. --RIPlace technology to encrypt files protected by anti-ransomware defenses. --Partial file encryption with variable size. --Delayed encryption activation. --Optional not changing files extension. --Dynamic key for individuals and static for big corporations (all computers decrypt with same key). --Network disks mounting and Wake on LAN feature. --Ideal for affiliate programs (RSA keys can be created individually for each affiliate). --RIPlace technology to encrypt files protected by MS anti-ransomware technology. --Folder Access Control Disabling. --RootKit. It will hide the ransomware from task manager. Video tutorial (not latest version portrayed): https://vimeo.com/366370243 Multi-threading: https://vimeo.com/374278850 Recycle Bin Erasing: https://vimeo.com/374904312 Wallpaper changer: https://vimeo.com/374727515 Change Log: --Improved RootKit: https://vimeo.com/390314836 --Improved scantime detection: https://antiscan.me/images/result/Aqfvkg2PlIqg.png (This is without crypter. Eset is only a warning so it let run too, so really 0/26). 
This is not runtime though, so we recommend using a crypter over bare bones ransomware client for optimum results. Affiliate program candidates please make contact. For builder prices visit shoppy store: https://shoppy.gg/@Nosophoros/groups/52A0ACQ Contact: mailto:[email protected] Discord Server: https://discord.gg/NfWd3kK |
vouch for this guy great product |
Change Log: --Improved unlock files procedure. --Improved files stealer. |
Change Log: --Immortal Process procedure enforced. --VM Encryption test updated. Total time less than 2 minutes. Files encrypted by extension group. Defender ON Cloud ON. Video: https://vimeo.com/394665877 |
Change Log: --Added RootKit for both 32&64bit systems. Video demonstration: https://mega.nz/#F!dB4lHTjQ!jrlbMcPD...D6Ung?cQ5B2ZLZ --Added Drag & Drop feature for quick encryption of selected directories when physical or remote access to the target is available. Video demonstration: https://mega.nz/#F!dB4lHTjQ!jrlbMcPD...D6Ung?hc5lwRBJ --Core engine refud. This is without any kind of obfuscation or crypter. Naked core code to put it simple: https://antiscan.me/images/result/rJoL5PJBDjKH.png --Added TaskBar Completed Encryption notification option. Video Demonstration: https://mega.nz/#F!dB4lHTjQ!jrlbMcPD...D6Ung?8JoFjR4D --Added Client expiration option. Very convenient to create your own affiliates program. At due date the client will simply erase itself when ran. Image: https://i.postimg.cc/MKPP2TrQ/2020-0...ower-Point.png --Added Windows LogOn encryption notification feature: https://i.imgur.com/A1W2i8i.png Current DynCheck runtime results on core engine naked code (no crypter, obfuscator): https://i.postimg.cc/150CPJ5C/54d7fe...1f087fc8ff.jpg Videos backup: https://mega.nz/#F!dB4lHTjQ!jrlbMcPDkv2iVMs6qD6Ung |
Change Log: --Enhanced notifications (TaskBar and Windows LogOn) are harder to remove so in superimposed or repeated RDP attacks it is harder for another group to erase your ransomware note and copy their own. Now Enhanced notifications are fully configurable. https://i.imgur.com/rZ2gPjw.png |
Change Log: --Added ability to distinguish or not between lower and uppercase extensions. --Enhanced encryption notifications (TaskBar and Windows LogOn) are now fully configurable. This will help other user not taking over your targets after they are done by replacing your ransomware note. Image: https://i.postimg.cc/DZBzy7V6/KVpxF1x.png --Added a very convenient client expiration option so you can really have a good control if you decide to create an affiliates program. |
Change Log: --Added uac bypasser and cloud bypasser also cloud refud. --Drag & Drop improved. --Added more default extensions to encrypt. --Drag & Drop test in windows 7: https://mega.nz/file/MFQQxAzZ#AT6wLz...g30QbIvajSbxeg --Full encryption test in windows 7: https://mega.nz/file/FYRQ2a5a#LGO7hG...L6h56-Hz86HcpA --Added LAN Shares Encryption without mounting drives. |
Change Log: --Improved network connections encryption. --Added optional "all files encryption". Encrypts files independently of file extension producing maximum damage but taking more time to complete encryption (won't affect executables, OS files, system dirs or browser dir). Some Builder Tutorials. Full Auto Mode Decryption: https://mega.nz/file/wch2UCgD#0Rov8E...T1XobndFy1cixI Drag&Drop single file and custom folder decryption: https://mega.nz/file/EcxSGApR#_FXbtU...PfSDScYLxKlhQQ Drag&Drop Encryption tutorial: https://mega.nz/file/MFQQxAzZ#AT6wLz...g30QbIvajSbxeg Full encryption tutorial: https://mega.nz/file/FYRQ2a5a#LGO7hG...L6h56-Hz86HcpA LAN Shares encryption: https://mega.nz/file/gJAjxY4T#_yMZig...0L1hP1c8uj5wQQ |
Change Log. --New third party backup solutions have been added to the list that will be disabled along with some antivirus services. --Client now will not only self delete at end of encryption but also physically erase its own sectors in the hard drive to make forensics more difficult. --A fast files permission changing feature procedure will help capture more files. --Ransom note will now be copied earlier at the very start of encryption both in windows logon screen as well as in a hidden location where it will be shown in every windows restart. These two measures will help to profit from partially encrypted targets (in case you haven't used persistence option to assure ransomware restarting after windows restart or computer turned off). --New feature will allow to lock user access from his windows account. --Bootlocker that will show the ransom note at boot level (not available in UEFI Secure Boot protected OS). --Some images of the new features: https://i.postimg.cc/T3kmtW58/Uof6de7.png (LogOn Ransom Note configuration) https://i.postimg.cc/yxzSDmtR/QvCaTEz.png (LogOn Ransom Note shown) https://i.postimg.cc/T1q5gyv4/tuT6DQ8.png (User account locked) https://i.imgur.com/rsdjKE3.png (Boot Locked). |
Change Log: --Faster and reliable directory traversing algorithm in the decryptor (create a new one to take advantage of this). --If windows logon password is changed, now ransomware creation log will reflect this password as a reminder. --LAN procedure optimized to perform wake on LAN and LAN spreading in a single pass skipping IP addresses not typically associated with common LAN setups. --Option to skip C drive in the encryption process. In some systems C drive does not contain important data and in some others it does. So you will have the option to skip it or not. --On-the-fly encryption of newly connected drives occurring while the encryption process is on its way (like USB drives, memory cards, thumb sticks, etc.). If new drives are connected during this period they will be recruited for encryption too. Each newly connected drive will be handled in a separate encryption thread. --Encryption impersonating system processes using process hollowing (csc.exe in the video, 4 options available): https://mega.nz/file/YIZRFajL#WpmKwR...O_hHcjVUIzqJVU |
Looking for this product. Any leads?? |
Any feedback about the work, please? |
Does it work on Windows 10? |