CTB-Locker Ransomware Scripts.

NOTE: This post is for educational purposes and reverse engineering training sessions only!

CTB-Locker is file-encrypting malware belonging to a newer generation of ransomware families.
File list:
+ ctb_help.py; CTB-Locker infection helper tool PoC. Proof-of-concept tool to help with the recovery/decryption of files encrypted by the ‘CTB-Locker’ ransomware family. Run this script on the infected machine.
+ ctb_memhunter.py; CTB-Locker memory hunter tool PoC. Proof-of-concept tool for detecting remnant Curve25519 keypairs in memory dumps of ‘CTB-Locker’ ransomware family processes.

ctb-locker memory dump

+ ctb_recover.py; CTB-Locker file decryption tool PoC. Proof-of-concept tool for decrypting files encrypted by the ‘CTB-Locker’ ransomware family, provided the master private key is available.

CTB-Locker Decryption

+ ctblocker.ioc; sample OpenIOC file for the attack vector and malware. Download the OpenIOC editor: (https://www.fireeye.com/services/freeware/ioc-editor.html)
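The memory-hunting approach described for ctb_memhunter.py above, as an added example that is not the post's own script: treat every 32-byte window of a dump as a candidate Curve25519 private key, derive its public key, and report the window if that public key also occurs somewhere in the dump. The X25519 routine is a pure-Python RFC 7748 implementation (so pycurve25519 is not needed to run it), the dump is constructed here with the RFC 7748 test keypair planted at known offsets, and the `plausible_key` prefilter and the `step` stride are this example's own choices rather than anything the post describes.

```python
"""Hunt for remnant Curve25519 keypairs in a memory dump (added example)."""
import random
from collections import namedtuple

P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4, the Montgomery ladder constant for Curve25519


def _clamp(scalar: bytes) -> int:
    """RFC 7748 clamping: clear the low 3 bits, clear bit 255, set bit 254."""
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: int = 9) -> bytes:
    """X25519 Montgomery ladder (RFC 7748 s5); u=9 is the base point, so the
    default call maps a private key to its public key."""
    k = _clamp(scalar)
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow(da + cb, 2, P)
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


KeyPairHit = namedtuple("KeyPairHit", "priv_offset pub_offset priv_hex pub_hex")


def plausible_key(window: bytes) -> bool:
    """Cheap prefilter (example's own heuristic): 32 random bytes have ~30
    distinct values, so zero runs, ASCII strings and padding are skipped before
    paying for a scalar multiplication."""
    return len(set(window)) >= 16


def hunt_keypairs(dump: bytes, step: int = 1) -> list:
    """Report every window whose derived public key also appears in the dump.
    step=1 is exhaustive; 4 or 8 is a sensible speed-up on real dumps, where
    heap-allocated keys are aligned, but it applies to both halves of a pair."""
    windows = {}
    for off in range(0, len(dump) - 31, step):
        windows.setdefault(dump[off:off + 32], off)   # first offset of each window
    hits = []
    for off in range(0, len(dump) - 31, step):
        cand = dump[off:off + 32]
        if not plausible_key(cand):
            continue
        pub = x25519(cand)
        if pub in windows:
            hits.append(KeyPairHit(off, windows[pub], cand.hex(), pub.hex()))
    return hits


# Constructed sample dump (not a real CTB-Locker dump): deterministic pseudo-random
# filler with the RFC 7748 section 6.1 test keypair planted at known offsets.
ALICE_PRIV = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a"
ALICE_PUB = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a"


def build_sample_dump() -> bytes:
    rng = random.Random(1337)
    noise = lambda n: bytes(rng.getrandbits(8) for _ in range(n))
    return (noise(128) + b"\x00" * 64          # 0..191: heap noise, zeroed region
            + bytes.fromhex(ALICE_PRIV)        # 192..223: private key
            + noise(96)                        # 224..319: more noise
            + bytes.fromhex(ALICE_PUB)         # 320..351: matching public key
            + noise(64) + b"A" * 32)           # 352..447: noise, then padding


SAMPLE_DUMP = build_sample_dump()

if __name__ == "__main__":
    for hit in hunt_keypairs(SAMPLE_DUMP):
        print(f"private @0x{hit.priv_offset:x} -> public @0x{hit.pub_offset:x}")
        print("  priv:", hit.priv_hex)
        print("  pub: ", hit.pub_hex)
```

On a real dump the candidate window at the reported private-key offset is what you feed to a recovery tool; note that the dump may hold the key either raw or already clamped, and both derive the same public key, so a hit's `priv_hex` is whichever form was actually resident. The pure-Python ladder costs roughly a millisecond per window, so for dumps of hundreds of megabytes use a larger `step` or swap in a native X25519 such as pycurve25519.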

Requirements:
+ https://github.com/TomCrypto/pycurve25519
+ pycrypto (unmaintained; pycryptodome is the drop-in replacement)

Download: CTB-Locker.zip (6.8 KB)
Source and more details: Here