Kodex Ransomware v2.0 has been released, with a completely renewed encryption method, and the source code has been rewritten from scratch (a unique encryption method will now be used instead of the archiving method to encrypt files). All minor and major issues stemming from Kodex Ransomware v1.0 have been fixed and improved (including the full encryption issue, screenshot resolution, timing issue, etc.).
Compared to Kodex Ransomware v1.0, the encryption speed of v2.0 has been increased by 83.33%, and new folders for encryption have been added (Important documents Encryption: Desktop, downloads, documents, videos, pictures folders. Full Encryption: Important documents + Other disks).
A “Kodex Ransomware Decryption Tool” has been developed to decrypt files encrypted using Kodex Ransomware v2.0 (this decryption tool will be sent to customers).
For Kodex Ransomware v2.0, the normal agent selection and can’t be destroyed features have been removed (a private encrypter will be used in every case when creating the Kodex Ransomware v2.0 agent, with the binder as an option).
Support for Kodex Ransomware v1.0 has been discontinued, and agents created using Kodex Ransomware v1.0 will no longer function with this update. We strongly recommend updating your software.
Kodex Ransomware video has been updated.
For RAT, when ‘Kill’ is right-clicked during the connection to the target system, the connection will be completely terminated (and the persistence feature will be removed). This way, you can completely eliminate any unwanted connections. (Customer suggestion)
All errors in the Persistence modules have been fixed, and their infrastructures have been revamped (UAC silently bypassed for the next reboot, fixed major issues).
For older cameras, a 2-second cooldown has been added to the webcam section of the Screenshot & Webcam Extractor, resolving the issue with capturing camshots.
In the RAT Shell, a border has been added, and a menu has been added to the top right corner in the RAT section. Also, all the fonts have been completely redesigned.
To address potential connection issues, FTP and RAT listening are now configured not to run at the same time (major bug fixes).
The infrastructure for both normal agent creation and Private Encrypter & Binder agent creation has been completely overhauled, resulting in faster agent generation and bug fixes. (With this update, please be aware that the installation of the Private Encrypter may take some time. Kindly wait patiently and refrain from clicking on the GUI during the download. Note that this waiting period is a one-time occurrence after the Private Encrypter update.)
Added new AVs to KleenScan system, and the “something went wrong” error has been completely resolved
Kodex ransomware agent will now be able to perform self-debugging and automatically stop functioning when an unexpected event occurs (to prevent the deletion of files on the target system before they are encrypted)
Minor bug fixes (new software security system)
v4.1 • June 9, 2023
Added a note system for RAT Mode (Customer suggestion, you can now take notes about the target system)
Resolved the issue of RAT Mode freezing unexpectedly
RAT Mode’s execute URL section has been updated to use HTTPS and fixed errors
The issue of having a new tray icon appear for each notification in RAT Mode has been resolved, and a menu has been added to the tray icon
Errors in persistence agents have been fixed
WD Bypass feature has been improved
Fixed minor issues in RAT Mode’s Upload & Execute functionality
In the FTP Server System, the issue of connection dropping when it remained open for an extended period has been resolved by enhancing the ‘Refresh’ option. Users can now click the Refresh option to automatically reconnect in case of connection loss
Fixed the issue of screen shifting for Screen & Webcam Extractor (screenshot is now centered)
The problem of not being able to upload images and webcam footage for the Screen & Webcam extractor to FTP has been completely resolved (this issue was only present for Screen & Webcam Extractor in normal agent creation)
GUI automatic resizing has been reconfigured
Minor GUI improvements (Checkbox, pop-up issue, etc.)
GUI icon resolution issue has been fixed
Implemented new security measures for the software’s safety
Fixed small bugs in File Extractor and Kodex Ransomware
Made minor bug fixes in normal agent creation and private encrypter & binder
v4.0 (RAT) • May 1, 2023
Single Bullet & RAT Mode has been added:
Evil Extractor now offers two modes of operation: Single Bullet and RAT. Users can combine these modes for more advanced attacks. With RAT mode, you can establish a live connection with the target system, giving you the ability to upload, delete, download files, take screenshots, send fake error messages and perform many other actions. On the other hand, Single Bullet mode provides six primary attack types, each with unique features that work through FTP service.
A notification system has been added to notify the user when a target machine connects to the RAT.
With v4.0, the GUI resizing will be done automatically according to the screen size.
GUI scrollbar appearance has been changed.
VM setup requirement has been removed since no one was using it (although it is still recommended and those who wish can still install/use it on a VM).
Private Encrypter & Binder bug has been fixed.
Screen and webcam image counting issue has been resolved.
Private Encrypter and Normal Agent Creation methods updated. Detection values decreased to 1/40.
Keylogger feature has been removed from Evil Extractor to focus on further development and a new software will be released in the future. All Evil Extractor customers will benefit from this new software.
Persistence modules have been improved (UAC notification bypassed).
PDFs have been updated to explain RAT mode.
v3.6 • March 22, 2023
Minor Bug Fixes (Ransomware, Screen & Webcam Extractor, Password & Cookie Extractor, Keylogger). Those features will not work properly in the old version (v3.5.5); we strongly recommend updating your software.
Password & Cookie Extractor improved (added a cooldown for computers with a lot of information saved in browsers).
Keylogger improved (some typos fixed).
Screen & Webcam resolution fixed for webcam feature.
v3.5.5 • March 17, 2023
Minor Bug Fixes (Persistence Modules).
Password & Cookie feature has been improved. Password & Cookie Extractor may not work properly in the old version (v3.5); we strongly recommend updating your software.
Anti-VM feature has been extremely strengthened and most well-known virtual machines have been added to the blacklist (Your agent will no longer run inside machines such as JOHN-PC, ANNA-PC etc. and you will no longer see these names on your FTP server).
v3.5 • March 8, 2023
Minor Bug Fixes (GUI, Private Encrypter & Binder).
The Keylogger feature has been rewritten from scratch and is now much more detailed, e.g. “[ENTER]hello world![F5]”.
All features have been renewed/updated. Old features may not work properly in the old version (v3.4); we strongly recommend updating your software.
Anti-VM feature has been strengthened (no more sandboxes).
No Tracking feature has been improved.
Private Encrypter method updated (Detection values decreased to -> 0/34)
Antivirus Scan Results for All In One Extractor (With Extra Features)
Note: Detection values may vary from person to person (for more information, please take a look at the v2.2 update notes).
v3.4 • February 25, 2023
The infrastructure of Password & Cookie, Screen & Webcam Extractor, Keylogger and Kodex Ransomware has been completely changed (these features have been accelerated and strengthened). Those features will not work properly in old versions (below v3.4); we strongly recommend updating your software.
Screen & Webcam infrastructure has been changed, also improved image quality for webcam (1920×1080).
Browser History removed from Credentials, added to Password & Cookie Extractor (Now, browser history detailed like: URL, Visit Time, Title).
Credentials Extractor completely renewed (Incoming logs will be organized in one txt file). Also, added Real-Time location, GPU, CPU, RAM and many other things to Credentials Extractor.
Password & Cookie Extraction infrastructure has been completely changed/renewed. All cookie information will now be delivered in JSON format (Customer suggestion), and some less popular browsers and the Outlook & Thunderbird password extracting feature have been removed (resulting in 99% faster performance).
Private Video “Bypass Youtube & G-Mail 2FA” renewed (JSON Format).
v3.3 • February 18, 2023
Minor Bug Fixes (GUI fonts + GUI pop-up issue + license system will now work more stably + persistence modules)
Added KleenScan agent scan system (Now, you can scan your agents’ detection value through Evil Extractor)
Added “Select Area for Encryption” for Kodex Ransomware (Now, you have 2 options: Full Encryption, Important Documents Encryption). (Customer suggestion)
Added screenshot feature for Kodex Ransomware (You’ll get a single screenshot after encryption). (Customer suggestion)
UAC Bypass feature has been strengthened.
Anti-VM feature has been strengthened.
Added Extension Spoofing video to private videos. (Customer suggestion)
Antivirus Scan Results for All In One Extractor (With Extra Features)
Note: Detection values may vary from person to person (for more information, please take a look at the v2.2 update notes).
v3.1 • February 7, 2023
Minor bug fixes (GUI + Message Box + Keylogger).
The Keylogger infrastructure has been changed (now it’s better). This feature (Keylogger) may not work properly in the old version (v3.0); we strongly recommend updating your software.
Added Private Video (Bypass Youtube 2FA). (Customer suggestion)
v3.0 (GUI) • January 24, 2023
Evil Extractor GUI released (Evil Extractor completely renewed). Now you can follow your targets via Evil Extractor server system.
Added Keylogger (Persistence). Also integrated with All-in-one Extractor (Customer suggestion)
Minor bug fixes (Password & Cookie Extractor)
Private Encrypter Method Updated. Detection values decreased to -> 1/26 (All in one Extractor with extra features)
Added 6 hours time range option to Keylogger + Screen & Webcam Extractor
Kodex Ransomware infrastructure has been extremely strengthened.
The Kodex Ransomware feature will now also encrypt the Downloads folder on the target system (Now: Desktop + Downloads)
Also, license system has been completely changed; Now, you don’t have to download Evil Extractor License Generator to use Evil Extractor. All the system is fully automated with license keys.
v2.3 • January 4, 2023
Minor bug fixes
Added contact information for Kodex Ransomware (Customer suggestion)
Added Opera Stable, Microsoft Edge cookie grabber for Password & Cookie Extractor
Added File Extractor instead of Desktop Extractor (Now, File Extractor will extract files from Downloads and Desktop folders). Now, you will only be able to receive files with certain extensions (to avoid uploading unnecessary files in FTP area).
Files with these extensions will be extracted: jpg, png, jpeg, mp4, mpeg, mp3, avi, txt, rtf, xlsx, docx, pptx, pdf, rar, zip, 7z, csv, xml, html
v2.2 • December 25, 2022
Added anti VM
Added agent icon selection for every agent (Now, can be used without extra features)
Added Private Encrypter. Now, each customer will have their own encrypter. No one will be affected by the behavior of others (like uploading agent to virustotal or automatic sample submission etc.). Detection values may vary from person to person.
v2.1 • December 13, 2022
Added live countdown (Read_me.html) to Kodex Ransomware feature.
v2.0 • December 10, 2022
Transfer queue completely changed (File loss is minimized in case of a possible internet loss on the target system).
Can’t be destroyed feature added.
Kodex Ransomware added.
v1.9 • December 6, 2022
Target location and hostname added (Now, incoming files will be more organized like: [United States]DESKTOP-XXXX). (Customer suggestion)
With v1.9, a single Evil Extractor agent can run on many different computers at the same time.
v1.8 • December 4, 2022
Windows Defender Bypass Method added (Evil Extractor agent will add itself to exclusions once it executes.)
UAC Bypass added (Evil Extractor agent will always run as administrator.)
v1.7 • December 1, 2022
Added Password & Cookie Extractor
(Now, Evil Extractor can grab passwords from 27 different browsers, including mail software such as Thunderbird and Outlook)
Firefox table bug fixed on Password & Cookie Extractor
v1.6 • November 27, 2022
Minor bug fixes on Extra Features
Added “cookies.html” (table) for Cookie Extractor (Cookies now more organized: Expiration date, cookie value etc.)
Added Free FTP plans to all packages
v1.5 • November 16, 2022
Extra Features (Encrypter and Binder)
Icon change selection for agent
Firefox cookie grabber for Cookie Extractor
Time range selection for Screen & Webcam Extractor
Public IP information for Credentials Extractor
Edge browser history for Credentials Extractor
v1.4 • October 7, 2022
Added Screen & Webcam Extractor (Persistence)
v1.3 • October 1, 2022
Screenshot Extractor (Persistence)
x64 & x86 selection added
v1.2 • September 14, 2022
All in one
No-console (target-side console output is no longer shown)