Hashcat Releases Tool for Cracking Encrypted Payload of the Gauss Malware

oclGaussCrack is much faster than any other tool seen so far

  Hashcat has released a tool that can be used to decrypt Gauss's payload
Hashcat has released an interesting tool called oclGaussCrack whose main goal is to crack the verification hash of the encrypted payload of the notorious Gauss malware.

Hashcat has released an interesting tool called oclGaussCrack whose main goal is to crack the verification hash of the encrypted payload of the notorious Gauss malware.

Discovered back in August, Gauss is a highly sophisticated state-sponsored Trojan. Many of its inner workings have remained a mystery for researchers, especially its payload, which couldn’t be decrypted.

Since they didn’t manage to break the encryption that protected the payload from the Trojan’s Godel module, Kaspersky experts turned to outside help, hoping that experienced cryptographers or mathematicians could come up with a solution.

The answer, they think, may lie in oclGaussCrack, released on Thursday by Jens ‘atom’ Steube, the creator of the renowned GPU-accelerated Hashcat password cracking tools.

The best thing about this tool is that it’s very fast. For instance, on an AMD FX 8120 (CPU), it performs at 14k c/s, while on an AMD Radeon HD 7970 (GPU), it runs at 489k c/s.

oclGaussCrack is available for download here

Comments

By    28 Dec 2012, 18:51 GMT