Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RansomLordNG - anti-ransomware exploit tool

From: malvuln <malvuln13 () gmail com>
Date: Fri, 13 Dec 2024 01:05:58 -0500
This next generation version dumps process memory of the targeted
Malware prior to termination The process memory dump file MalDump.dmp
varies in size and can be 50 MB plus RansomLord now intercepts and
terminates ransomware from 54 different threat groups Adding GPCode,
DarkRace, Snocry, Hydra and Sage to the ever growing victim list.

Lang: C
SHA256: fcb259471a4a7afa938e3aa119bdff25620ae83f128c8c7d39266f410a7ec9aa

RansomLordNG leverages code execution vulnerabilities and saving
process memory to disk prior to termination of the Malware
pre-encryption. This may be useful as we can possibly avoid unpacking,
anti-debugging techniques or fully executing the malware. The MalDump
feature is optional and can be toggled to enabled=1 or disabled=0

https://github.com/malvuln/RansomLord/releases/tag/NG

Thank you,
malvuln
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/
Previous By Date Next
Previous By Thread Next

Current thread: