top of page

Slam! Anatomy of a Publicly-Available Ransomware Builder

The Slam Ransomware Builder first appeared in late 2021, with Slam ransomware payloads appearing in the wild shortly after (e.g., ConsoleApp2.exe). During mid-2022, downloadable and executable versions of the Slam Ransomware Builder appeared on a publicly-visible repository on Github and were available for several months until Github admins removed the repository on September 1st, 2022. The owner of the now-removed repository dubbed it “The Most Advanced Free Ransomware Builder” and has a history of providing “educational” videos on Vimeo, Youtube and KZHome, instructing viewers how to build ransomware and “virus payloads”.


ATT&CK IDS: T1001 - Data Obfuscation, T1088 - Bypass User Account Control, T1471 - Data Encrypted for Impact, T1490 - Inhibit System Recovery, T1041 - Exfiltration Over C2 Channel, T1059 - Command and Scripting Interpreter



Commenting has been turned off.
bottom of page