Exetools  

Go Back   Exetools > General > Source Code

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 06-16-2021, 14:21
Giotis Giotis is offline
Friend
 
Join Date: Aug 2016
Posts: 43
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 66
Thanks Rcvd at 106 Times in 28 Posts
Giotis Reputation: 2
Paradise ransomware source code by vx-underground

News about the recent leak
Code:
https://therecord.media/source-code-for-paradise-ransomware-leaked-on-hacking-forums/
Download
Quote:
https://github.com/vxunderground/MalwareSourceCode/tree/main/Leaks/Win32
Reply With Quote
The Following User Says Thank You to Giotis For This Useful Post:
Pushad (07-03-2021)
  #2  
Old 06-16-2021, 19:48
Kurapica's Avatar
Kurapica Kurapica is online now
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 194
Rept. Given: 20
Rept. Rcvd 144 Times in 43 Posts
Thanks Given: 67
Thanks Rcvd at 422 Times in 89 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
C# and some fancy Loop with RSA

best way to make money in 2021
Reply With Quote
  #3  
Old 06-23-2021, 17:55
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
How was the "Emsisoft Decrypt for Paradise" made?
I thought that decrypt of files protected by ransomware is impossible!
Reply With Quote
  #4  
Old 06-23-2021, 18:42
Shub-Nigurrath's Avatar
Shub-Nigurrath Shub-Nigurrath is offline
VIP
 
Join Date: Mar 2004
Location: Obscure Kadath
Posts: 922
Rept. Given: 62
Rept. Rcvd 419 Times in 94 Posts
Thanks Given: 70
Thanks Rcvd at 333 Times in 102 Posts
Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499 Shub-Nigurrath Reputation: 400-499
There are different ways to write a decrypter, mainly coding crypto stuff errors. However, as reported in the news, Paradise was "certified" to be undecryptable (https://twitter.com/demonslay335/status/1202936203290525701). Consider that Emsisoft decrypter is from 2019, and these sources of Paradise, if I see well, are from 2020
__________________
Ŝħůb-Ňìĝùŕřaŧħ ₪)
There are only 10 types of people in the world: Those who understand binary, and those who don't
http://www.accessroot.com
Reply With Quote
  #5  
Old 06-23-2021, 22:10
Kurapica's Avatar
Kurapica Kurapica is online now
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 194
Rept. Given: 20
Rept. Rcvd 144 Times in 43 Posts
Thanks Given: 67
Thanks Rcvd at 422 Times in 89 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
@CodeCracker : weakly coded ransomwares sometimes left traces of encryption keys either in RAM or somewhere else which sometimes can help create a decryptor if those traces could be dumped and used.
Reply With Quote
The Following User Says Thank You to Kurapica For This Useful Post:
niculaita (06-24-2021)
  #6  
Old 06-24-2021, 02:22
CodeCracker CodeCracker is offline
VIP
 
Join Date: Jun 2011
Posts: 514
Rept. Given: 29
Rept. Rcvd 461 Times in 163 Posts
Thanks Given: 23
Thanks Rcvd at 2,235 Times in 403 Posts
CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499 CodeCracker Reputation: 400-499
From my analyzes of the ransom globeimposter, this ramsoware uses RSA-2048 and AES-128, as far as I know there is no plain text attack of AES-128, and AES key is just some random bytes initialized at execution time; and the key will differ on each run.
So still don't know how the decryption is possible.
Reply With Quote
  #7  
Old 06-24-2021, 03:21
Kurapica's Avatar
Kurapica Kurapica is online now
VIP
 
Join Date: Jun 2009
Location: Archives
Posts: 194
Rept. Given: 20
Rept. Rcvd 144 Times in 43 Posts
Thanks Given: 67
Thanks Rcvd at 422 Times in 89 Posts
Kurapica Reputation: 100-199 Kurapica Reputation: 100-199
Maybe it was possible for the older versions.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tomahawk's Source Code Paradise TomaHawk Source Code 16 02-20-2017 21:49
VB6 N-CODE - Stop any servive and Start any APP-Release and Source Code wilson bibe General Discussion 5 04-10-2013 00:23


All times are GMT +8. The time now is 00:24.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )