Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-16-2021, 14:21
Giotis Giotis is offline
Friend
 
Join Date: Aug 2016
Posts: 38
Rept. Given: 0
Rept. Rcvd 2 Times in 1 Post
Thanks Given: 60
Thanks Rcvd at 96 Times in 26 Posts
Giotis Reputation: 2
Paradise ransomware source code by vx-underground

News about the recent leak
Code:
https://therecord.media/source-code-for-paradise-ransomware-leaked-on-hacking-forums/
Download
Quote:
https://github.com/vxunderground/MalwareSourceCode/tree/main/Leaks/Win32
Reply With Quote
The Following User Says Thank You to Giotis For This Useful Post:
Pushad (07-03-2021)
  #2  
Old 06-16-2021, 19:48
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 156
Rept. Given: 18
Rept. Rcvd 129 Times in 37 Posts
Thanks Given: 42
Thanks Rcvd at 255 Times in 58 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
C# and some fancy Loop with RSA

best way to make money in 2021
Reply With Quote
  #3  
Old 06-23-2021, 17:55
CodeCracker CodeCracker is offline
Family
 
Join Date: Jun 2011
Posts: 335
Rept. Given: 19
Rept. Rcvd 276 Times in 87 Posts
Thanks Given: 13
Thanks Rcvd at 1,164 Times in 254 Posts
CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299
How was the "Emsisoft Decrypt for Paradise" made?
I thought that decrypt of files protected by ransomware is impossible!
Reply With Quote
  #4  
Old 06-23-2021, 18:42
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 821
Rept. Given: 49
Rept. Rcvd 391 Times in 86 Posts
Thanks Given: 25
Thanks Rcvd at 106 Times in 53 Posts
Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399 Shub-Nigurrath Reputation: 300-399
There are different ways to write a decrypter, mainly coding crypto stuff errors. However, as reported in the news, Paradise was "certified" to be undecryptable (https://twitter.com/demonslay335/status/1202936203290525701). Consider that Emsisoft decrypter is from 2019, and these sources of Paradise, if I see well, are from 2020
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #5  
Old 06-23-2021, 22:10
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 156
Rept. Given: 18
Rept. Rcvd 129 Times in 37 Posts
Thanks Given: 42
Thanks Rcvd at 255 Times in 58 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
@CodeCracker : weakly coded ransomwares sometimes left traces of encryption keys either in RAM or somewhere else which sometimes can help create a decryptor if those traces could be dumped and used.
Reply With Quote
The Following User Says Thank You to Kurapica For This Useful Post:
niculaita (06-24-2021)
  #6  
Old 06-24-2021, 02:22
CodeCracker CodeCracker is offline
Family
 
Join Date: Jun 2011
Posts: 335
Rept. Given: 19
Rept. Rcvd 276 Times in 87 Posts
Thanks Given: 13
Thanks Rcvd at 1,164 Times in 254 Posts
CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299 CodeCracker Reputation: 200-299
From my analyzes of the ransom globeimposter, this ramsoware uses RSA-2048 and AES-128, as far as I know there is no plain text attack of AES-128, and AES key is just some random bytes initialized at execution time; and the key will differ on each run.
So still don't know how the decryption is possible.
Reply With Quote
  #7  
Old 06-24-2021, 03:21
Kurapica's Avatar
Kurapica Kurapica is offline
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 156
Rept. Given: 18
Rept. Rcvd 129 Times in 37 Posts
Thanks Given: 42
Thanks Rcvd at 255 Times in 58 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
Maybe it was possible for the older versions.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On



All times are GMT +8. The time now is 04:27.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX
( 1998 - 2021 )