Skip to content
/ Shamoon-4 Public

Unofficial Iranian hackers group disk wiper malware aka "Shamoon" in .NET 2.0

11 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

raystyle/Shamoon-4

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
Shamoon 4
Shamoon 4
 
 
README.md
README.md
 
 
Shamoon 4.sln
Shamoon 4.sln
 
 

Repository files navigation

Shamoon 4

Rewrited and optimized unofficial Iranian hackers group wiper malware aka "Shamoon" in .NET 2.0.

MBR overwrite

This Shamoon does not destroy MBR sector vain like its brothers. Instead write message to boot screen, original bootloader code leaked from "Redboot" ransowmare by reverse engineering. Example

Demonstration

To view the demonstration video, you can check YouTube link - https://youtu.be/XsY9wu5ZB4M

Backdoor

This Shamoon check for fallowing directory path - "C:\Python27". When exists does not do any activity and force close itself.

Disclaimer

This project has been developed solely for learning purposes. The author is not affiliated with the Iranian hacker groups or any other groups. Any damage caused by this program/tool/malware on the user's responsibility.

Reference

  1. https://en.wikipedia.org/wiki/Shamoon
  2. https://www.bleepingcomputer.com/news/security/ransomware-or-wiper-redboot-encrypts-files-but-also-modifies-partition-table
  3. https://www.reverse.it/sample/112e1276c2b34a138d727ac29c6c0f19082c9ea5b0ef0d6606c2c0281ce413e8?environmentId=100
  4. https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/shamoon-attackers-employ-new-tool-kit-to-wipe-infected-systems

About

Unofficial Iranian hackers group disk wiper malware aka "Shamoon" in .NET 2.0

Resources

Readme
Activity

Stars

11 stars

Watchers

2 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages