Hashcat has released an interesting tool called oclGaussCrack whose main goal is to crack the verification hash of the encrypted payload of the notorious Gauss malware.
Discovered back in August, Gauss is a highly sophisticated state-sponsored Trojan. Many of its inner workings have remained a mystery for researchers, especially its payload, which couldn’t be decrypted.
Since they didn’t manage to break the encryption that protected the payload from the Trojan’s Godel module, Kaspersky experts turned to outside help, hoping that experienced cryptographers or mathematicians could come up with a solution.
The best thing about this tool is that it’s very fast. For instance, on an AMD FX 8120 (CPU), it performs at 14k c/s, while on an AMD Radeon HD 7970 (GPU), it runs at 489k c/s.
oclGaussCrack is available for download here