Hi guys I am very pleased for the opportunity of being able to offer you my products and services. I have been developing malware for many years and update my products frequently.
Thanos Private Ransomware Builder. Here are some images:
https://i.postimg.cc/JhRDd4MB/2019-1...2-1-Date-2.png
https://i.postimg.cc/hPSGBZNH/2019-1...on-Options.png
https://i.postimg.cc/5yfffjKw/2019-1...er-Utility.png
Ransomware Builder is designed for both individual attacks and companies attacks. These are the main characteristics of the product:
--Main aspects.
--Low detection rates. Typically 2/26 without a crypter although it's advisable to use it.
--Works well and it has been thoroughly tested from Windows Server 2008 and up.
--Easy to use attractive interface. Creation of a ransomware client is as easy as three steps: 1. Change bitcoin address to collect the ransom, 2. Type email for contact (anonymous email service) and ransom amount, 3. Click Build.
Interface has contextual help. Any option where you hover the mouse will indicate how to use. If you make mistakes, the builder will indicate the problem and how to correct it.
--Unattended updates. The builder updates automatically without user interaction using our update server. All you need to do to get updated is open your builder and wait for the update to be downloaded and restarted.
--Strong Encryption system. It is impossible to recover the files without the right keys. We use American Government Encryption standard for communications with a large encryption key AES / RSA combination.
Unique encryption key per computer. Even computers in the same network will require a different decryption key. In companies ransomware attacks there is the option for a single key for the whole network too.
Encryption algorithm is fast and efficient so encryption will take place very fast. We have rated it at 6000 files / 15 min for single threading version (multi-thread also available).
--Configurable ransom note and ransom note filename. The builder includes a pre-configured note where all you need to change is ransom amount and email, however you can change it completely or partially.
--Configurable encryption extension and extensions to encrypt. Builder comes with a predefined encryption extension. So all files will be encrypted and renamed to that extension. You can change that so you can give a personal touch to your ransomware like .die or .fun or .encrypted or whatever.
Target files extensions can also be configured. A large list of typical companies databases is already set but you can add more if you wish. You also have the option to exclude extensions, as well as not changing extension at all.
--Full or partial encryption. Partial encryption size is also configurable. Files over that limit are partial and below are fully encrypted.
--Automatic decoder. Decoder is pretty much automatic. All you do is input the decryption key and push decrypt button.
--Detailed creation log. Includes ransomware file name, compilation password, bitcoin address for ransom, time of creation and encryption extension, static key if used.
--Small size client. Code is on-demand, so different options change client size but it can be from 20-40Kb.
--Full offline encryption.
--Data Stealer: You can steal sensitive data from the victim before encryption and upload to your ftp controls server.
--General options.
--Customized icon. You can and should select an icon for your ransomware client. This icon can come from an .ico file or a .png file or you can even steal the icon from any executable file. You have the option of drag & drop the icon file or select it.
--Self-Delete: Ransomware client will delete itself after encryption is done to prevent forensic analysis.
--Persistence: Ransomware client will survive restarts and continue encryption after that.
--Ransomware client can be set to run as a critical process (produces a BSOD in case you attempt to close it in task manager).
--Random Assembly: Ransomware client will be created with all assembly fields filled with random data so it can not be easily flagged by antivirus.
--Anti-VM: Client can be set to graciously exit in case it detects it is running in a virtualized analysis environment.
--Kill Windows Defender: Client can be set to kill windows defender so it can not be turned back on.
--Kill other antivirus. At the moment the ransomware can cripple AVG and Malwarebytes depending on version and Platform.
--Kill Windows AMSI. This will ease evasion in case the antivirus uses AMSI technology.
--Deceiving message: Show a fake message while melting to a hidden directory.
--Unlock operative system locked files. Files blocked by the OS will be released and encrypted.
--Client can be set as admin too facilitating the encryption of a larger number of files.
--Immortal Process: Client can be set as an immortal process, so not even process hacker or similar tools can terminate it.
--Maximum file size to be encrypted can be configured too. Default for companies is 100 Gb but it can be increased.
--FTP logger. You can set an FTP server to receive information from victims like Name, IP, number of files affected, time of attack, Unique Key Id of target etc.
--Wallpaper changer: The client can download and change the target wallpaper at the very end of encryption process.
--Ransom note multiplication. In case the user decides to erase the main ransom note in the desktop, one additional note is created in each directory where encrypted files are located.
--Mutex. Ransomware client can be run only once to avoid double ransom.
--Erases Recycle Bin.
--Advanced features.
--Fully configurable attacks. Ransomware can be set to automatically discover drives (including network and removable) or you can set selective attacks on specific drives or even directories.
--LAN Spreading. As this ransomware is designed with companies in mind, it can spread from one computer to another in the same LAN or even from a VM to its host if writing permissions are present.
--Strong obfuscation against forensics. Your ransomware client is created already strongly obfuscated so it's very complex to analyze or grab any data from it. And even so, detection rates are very low.
--Dynamic code. Only the code belonging to the options you select is included in the client. If you un-check an option then that code is dynamically removed.
--Polymorphism. No client is identical to the previous one. Code is rearranged and random code is added at different locations in each build.
--Different compilation platforms. You can create your client ransomware for a specific platform for better speed and compatibility.
--Multi-Threading encryption.
--RIPlace technology to encrypt files protected by anti-ransomware defenses.
--Partial file encryption with variable size.
--Delayed encryption activation.
--Optional not changing files extension.
--Dynamic key for individuals and static for big corporations (all computers decrypt with same key).
--Network disks mounting and Wake on LAN feature.
--Ideal for affiliate programs (RSA keys can be created individually for each affiliate).
--RIPlace technology to encrypt files protected by MS anti-ransomware technology.
--Folder Access Control Disabling.
--RootKit. It will hide the ransomware from task manager.
Video tutorial (not latest version portrayed):
https://vimeo.com/366370243
Multi-threading:
https://vimeo.com/374278850
Recycle Bin Erasing:
https://vimeo.com/374904312
Wallpaper changer:
https://vimeo.com/374727515
Change Log:
--Improved RootKit:
https://vimeo.com/390314836
--Improved scantime detection:
https://antiscan.me/images/result/Aqfvkg2PlIqg.png (This is without crypter. Eset is only a warning so it let run too, so really 0/26). This is not runtime though, so we recommend using a crypter over bare bones ransomware client for optimum results.
Affiliate program candidates please make contact.
For builder prices visit shoppy store:
https://shoppy.gg/@Nosophoros/groups/52A0ACQ
Contact:
mailto:[email protected]
Discord Server:
https://discord.gg/NfWd3kK