Characteristics:
--Small file size client.
--Builder can steal icons from another executable or load any png or ico file.
--Low antivirus detection without encryption.
--Client self-deletes after encryption is done.
--Encryption key is erased after encryption, which makes it very hard to recover the key.
--Strong encryption algorithm.
--File extensions to be encrypted can be configured.
--Decryptor is provided (requires encryption key used at the moment of building).
--Totally configurable: client name, ransom message, ransom filename, encrypted extension, directories to be attacked, BTC address, special directories to be attacked.
--Automatic internet updates.
--Fully tested on Windows 10.
Some technical facts:
Functionality-wise, everything occurs automatically behind the scenes. When the builder is first opened, a random key is generated automatically; there's a button to change it, though, if you need to create several ransom files. A log file is created containing the info for all created ransom executables and also each individual decryption key. It is also possible to customize the directories to attack or let the malware encrypt all.
In targeted attacks you could happen to know which directory or directories are better to encrypt, and in such a case it is better to set only those directories because encryption will be faster and the user will have less time to react.
The builder also lets you configure the encryption extension, so you can add a personal touch to the process, like .die or .death or whatever encryption extension you wish to set.
It is also possible to change the note filename and its content; however, default values are good enough. This builder creates targeted clients.
LAN SPREADING READY:
Without encryption:
Edited by Aesculapius, 31 January 2021 - 05:21 PM.