Exploiting a cryptographic vulnerability inside the Donex Ransomware
Overview: After publishing a post about my analysis of a newly discovered ransomware called “Donex”, I received a hint about a possible vulnerability inside the ransomware from a friend of mine, Josh from InvokeRE. A huge thank you to him for making this post possible. The vulnerability we will be covering today is called the reused key attack, which applies to all stream ciphers. In case you are a victim of this ransomware and need help to recover your files, feel free to contact me on Twitter....
Analyzing the new Donex Ransomware
Overview: Recently, I came across a fresh ransomware group known as “Donex”, which emerged in February of this year. After the recent takedown of LockBit and the exit scam of ALPHV/BlackCat, the ransomware landscape is ripe for a new dominant player. Today I obtained a sample of this ransomware from MalwareBazaar and decided to analyze it further. In this blog post, we will explore the inner workings of Donex ransomware. Sample information: SHA256: 0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca...
About
Hey there, welcome to my blog! I’m a 17-year-old student from Germany, and I’m deeply passionate about coding, reverse engineering, and malware analysis. Here, I share my research findings on newly discovered malware samples and write-ups on various programming concepts.