Prince now has a Windows Defender flag, namely “Ransom:Win64/PrinceRansom.YAA!MTB”. This means that Prince Ransomware will no longer bypass Windows Defender without modifications to remove the signature.
If, for whatever reason, bypassing Windows Defender is a priority for you, contact me on Telegram and I will accept payment for any changes you may require.
Prince is a ransomware written from scratch in Go. It uses a mixture of ChaCha20 and ECIES cryptography in order to encrypt files securely so that they cannot be recovered by traditional recovery tools.
Files which have been encrypted by Prince can only be decrypted using the corresponding decryptor.
Build.bat file.
Builder.exe file in the current directory.
Builder.exe program.
Encryptor and Decryptor directories, as it will not be able to build them otherwise.
Prince-Built.exe file is the encryptor. Use caution when handling it as it can cause a lot of damage to your system.
Decryptor-Built.exe file is the decryptor. It will only decrypt files which were encrypted by the corresponding encryptor.

I chose this unique combination of encryption methods for several reasons: