Exploiting a cryptographic vulnerability inside the Donex Ransomware

Overview Upon publishing a post about my analysis on a newly discovered Ransomware called “Donex”, I received a hint about a possible vulnerability inside the ransomware by a friend of mine, Josh from InvokeRE, huge thank you to him for making this post possible. The vulnerability we will be covering today is called the Reused key attack, which is present in all stream ciphers. In case you are a victim of this ransomware and need help to recover your files, feel free to contact me on Twitter....

April 19, 2024 · 6 min · 1248 words · Me

Analyzing the new Donex Ransomware

Overview Recently, I came across a fresh ransomware group known as “Donex” which emerged in February of this year. After the recent takedown of LockBit and the exitscam of ALPHV/BlackCat, the ransomware landscape is ripe for a new dominant player. Today I obtained a sample of this ransomware from MalwareBazaar and decided to analyze it further. In this blog post, we will explore the inner workings of Donex ransomware. Sample information SHA256: 0adde4246aaa9fb3964d1d6cf3c29b1b13074015b250eb8e5591339f92e1e3ca...

March 27, 2024 · 5 min · 973 words · Me


Hey there, welcome to my blog! I’m a 17-year-old student from Germany, and I’m deeply passionate about coding, reverse engineering, and malware analysis. Here, I share my research findings on newly discovered malware samples and write-ups on various programming concepts.

March 27, 2024 · 1 min · 40 words · Me