Direct Raccine version 0.5.3 -=TeamOS=-

Mirkec



Review
Raccine is simple ransomware protection. It is meant as a simple portable ransomware vaccine intended to protect against attacks that target shadow copies for deletion via vssadmin.exe. Ransomware will often delete all shadow copies using vssadmin; Raccine intercepts that request and kills the invoking process. Raccine is a binary that first collects all PIDs of the parent processes and then attempts to kill all parent processes.

Raccine has several advantages: the method is generic; no system file (vssadmin.exe or wmic.exe) has to be replaced, which could lead to integrity problems and could break the "raccination" on each patch day; the changes are easy to undo; and no running executable or additional service is required (agent-less).


Two different installation options:
  1. Automatic
    • Download Raccine.zip from the Release section;
    • Extract it;
    • Run raccine-installer.bat.
  2. Manual
    • Apply Registry Patch raccine-reg-patch-vssadmin.reg to intercept invocations of vssadmin.exe;
    • Place Raccine.exe from the release section in the PATH, e.g. into C:\Windows (For i386 architecture systems, use Raccine_x86.exe and rename it to Raccine.exe).


Advantages:
  • The method is rather generic;
  • Users do not have to replace a system file (vssadmin.exe or wmic.exe), which could lead to integrity problems and could break our raccination on each patch day;
  • The changes are easy to undo;
  • Should work on all Windows versions from Windows 2000 onwards;
  • No running executable or additional service required (agent-less).

Disadvantages/Blind Spots:
  • The legitimate use of vssadmin.exe delete shadows (or any other blacklisted combination) is not possible anymore;
  • It even kills the processes that tried to invoke vssadmin.exe delete shadows, which could be a backup process;
  • This would not catch methods in which the malicious process is not one of the processes in the tree that has invoked vssadmin.exe (e.g. via schtasks).


The Process:
  1. Invocation of vssadmin.exe (and wmic.exe) gets intercepted and passed to raccine.exe as debugger (vssadmin.exe delete shadows becomes raccine.exe vssadmin.exe delete shadows);
  2. We then process the command line arguments and look for malicious combinations;
  3. If no malicious combination could be found, we create a new process with the original command line parameters;
  4. If a malicious combination could be found, we collect all PIDs of parent processes and start killing them (this should be the malware processes as shown in the screenshots above). Raccine shows a command line window with the killed PIDs for 5 seconds and then exits itself.


Malicious combinations:
  • delete and shadows (vssadmin)
  • resize and shadowstorage (vssadmin)
  • delete and shadowstorage (vssadmin)
  • delete and shadowcopy (wmic)
  • delete and catalog and -quiet (wbadmin)

Warning !!! USE IT AT YOUR OWN RISK!
A user would not be able to run commands that use the blacklisted commands on a raccinated machine anymore until the user applies the uninstall patch raccine-reg-patch-uninstall.reg. This could break various backup solutions that run that specific command during their work. It will not only block that request but kills all processes in that tree including the backup solution and its invoking process.

If users have solid security monitoring that logs all process executions, they could check their logs to see if vssadmin.exe delete shadows or vssadmin.exe resize shadowstorage ... is frequently or sporadically used for legitimate purposes, in which case they should refrain from using Raccine.


What is new in version 0.5.3 (Released on October 09, 2020):
  • Windows Batch Installer.


System requirements:
OS: Microsoft Windows® XP, Windows® Vista, Windows® 7, Windows® 8, Windows® 8.1, Windows® 10 (both 32 & 64-bit).


Install notes:
1. Run the executable file or command-line interpreter program for silent installation;
2. Enjoy!




Virus free! No virus signature! 100% clean!
All credits go to Neo23x0, who made and shared the scripts with us!


File: install-raccine.bat
00/59

File: Raccine.exe
01/70

File: Raccine_x86.exe
21/65


Kind regards,
@Mirkec
in collaboration with TeamOS ;)


Download links - version 0.5.3 (Size: 491.91 KB):
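
Added example (not part of the original post and not Raccine's own code): a pre-deployment audit in the spirit of the warning above, which applies the post's list of blocked combinations to process-creation records and counts, per parent process, the invocations that would be blocked and whose parent tree would be killed. The `timestamp|parent|command line` record format, the sample paths and the case-insensitive whole-argument matching are assumptions made for this illustration.

```python
import ntpath
import shlex
from collections import Counter

# Blocked argument combinations, exactly as listed in the post.
RULES = {
    "vssadmin": [{"delete", "shadows"}, {"resize", "shadowstorage"},
                 {"delete", "shadowstorage"}],
    "wmic": [{"delete", "shadowcopy"}],
    "wbadmin": [{"delete", "catalog", "-quiet"}],
}

def tokenize(cmdline):
    try:
        parts = shlex.split(cmdline, posix=False)  # keeps Windows backslashes
    except ValueError:  # unbalanced quote: fall back to whitespace split
        parts = cmdline.split()
    return [p.strip('"') for p in parts]

def blocked_combination(cmdline):
    """Return the matching combination as a sorted tuple, or None."""
    tokens = tokenize(cmdline)
    if not tokens:
        return None
    program = ntpath.basename(tokens[0]).lower()
    program = program[:-4] if program.endswith(".exe") else program
    args = {t.lower() for t in tokens[1:]}  # assumption: case-insensitive match
    for combo in RULES.get(program, []):
        if combo <= args:  # every keyword of the combination is present
            return tuple(sorted(combo))
    return None

def audit(records):
    """Count, per parent image, the invocations that would be blocked."""
    hits = Counter()
    for line in records:
        _ts, parent, cmdline = line.split("|", 2)
        if blocked_combination(cmdline):
            hits[parent] += 1
    return hits

# Constructed sample records: timestamp|parent image|child command line
SAMPLE = [
    r'2020-10-09T02:00:01|C:\Backup\agent.exe|vssadmin.exe Delete Shadows /For=C: /Oldest',
    r'2020-10-09T02:00:05|C:\Backup\agent.exe|"C:\Windows\System32\vssadmin.exe" list shadows',
    r'2020-10-09T09:14:33|C:\Windows\System32\cmd.exe|wmic shadowcopy delete',
    r'2020-10-09T09:15:02|C:\Windows\System32\cmd.exe|vssadmin resize shadowstorage /for=C: /maxsize=401MB',
]
print(dict(audit(SAMPLE)))
```

A parent that shows up in the result, such as the constructed backup agent here, is a process that would be terminated on a raccinated machine.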


 

monaco55

thanks for sharing best tuto Mirkec :clap:
 