
https://github.com/godfwarsion/ransomtrace

Ransomware Detection and Analysis Framework

Topics: csharp, incident-response, malware-analysis, ransomware, sigma-rules, yara-rules


# RansomTrace: Analysis & Playbook for Ransomware

![RansomTrace Banner](./banner.png)
![GitHub last commit](https://img.shields.io/github/last-commit/GodFWarsion/RansomTrace)
![Repo size](https://img.shields.io/github/repo-size/GodFWarsion/RansomTrace)
![MIT License](https://img.shields.io/github/license/GodFWarsion/RansomTrace)
![Issues](https://img.shields.io/github/issues/GodFWarsion/RansomTrace)
![Stars](https://img.shields.io/github/stars/GodFWarsion/RansomTrace?style=social)

![Platform](https://img.shields.io/badge/platform-Windows%2011-blue?logo=windows)
![Built With](https://img.shields.io/badge/built%20with-C%23%20%7C%20.NET%20WPF-blueviolet?logo=.net)
![Analysis Engine](https://img.shields.io/badge/analysis-YARA%20%7C%20SIGMA-yellow?logo=virustotal)
![Sandbox](https://img.shields.io/badge/integrates-FlareVM%20%7C%20REMnux-orange?logo=vmware)

**RansomTrace** is a modular ransomware analysis and incident response toolkit designed for cybersecurity researchers and forensic analysts. It enables both static and dynamic inspection of malware samples using YARA/SIGMA-based detection, entropy scanning, sandbox integration, and rule auto-generation, all wrapped inside a C# WPF-based GUI.

---

## 🔍 Abstract

Ransomware has evolved into a sophisticated class of threats that combines encryption, persistence, anti-analysis, and data theft. **RansomTrace** aims to streamline the forensic process for ransomware by providing a structured platform for investigation, detection, and response. Integrated with the ransomware incident response playbook, the tool automates detection workflows while enabling modular reverse engineering capabilities via FlareVM and REMnux.

---

## 🧠 Key Features

- 🔍 **Static Analysis**
  - Entropy scanning and visualization
  - PE structure inspection and string signature analysis
  - Auto-generated YARA rules from artifacts
  - Opcode disassembly and binary diffing

- 🧪 **Dynamic Analysis**
  - API call monitoring (`CreateFile`, `CryptEncrypt`, etc.)
  - Registry, file system, and memory interaction logging
  - Honeypot trigger detection
  - Live behavior monitoring via sandboxed VM

- ⚡ **Rule-Based Detection**
  - YARA and SIGMA rule integration
  - Memory rule matching and signature scanning
  - Log-based behavioral detection using Sysmon + Sigma

- 🧩 **Modular Integration**
  - Ready for integration with FlareVM, REMnux
  - Debugging workflows via IDA Pro, x64dbg
  - Incident Playbook HTML module for live response mapping
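
The entropy scanning listed under Static Analysis works by measuring how close each region of a file is to uniformly random bytes, which is what ransomware-encrypted content looks like. The following is an added Python illustration of that technique, not RansomTrace's own C# code; the chunk size, threshold and ratio are assumed values, and the three sample files are constructed here (the "ciphertext-like" one is seeded random data standing in for encrypted output).

```python
import math
from collections import Counter
from random import Random
from typing import List


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or constant input, 8.0 for a uniform byte distribution."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, chunk_size: int = 1024) -> List[float]:
    """Per-chunk entropies: the series an entropy-visualization view would plot."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def classify(data: bytes, chunk_size: int = 1024, threshold: float = 7.5, min_ratio: float = 0.9) -> dict:
    """Flag a file as likely encrypted when nearly every chunk is near-uniform.

    Whole-file entropy alone is misleading for mixed content (a readable header followed by
    ciphertext), so the decision uses the fraction of chunks at or above the threshold.
    Threshold and ratio are assumed tuning values, not RansomTrace settings."""
    profile = entropy_profile(data, chunk_size)
    high = sum(1 for e in profile if e >= threshold)
    ratio = high / len(profile) if profile else 0.0
    return {
        "overall_entropy": round(shannon_entropy(data), 3),
        "chunks": len(profile),
        "high_entropy_ratio": round(ratio, 3),
        "likely_encrypted": ratio >= min_ratio,
    }


# Constructed samples (not real artifacts): readable text, seeded random bytes standing in
# for ciphertext, and a mixed file with a 2 KiB plaintext header in front of that payload.
PLAINTEXT = b"The quick brown fox jumps over the lazy dog. " * 200
_rng = Random(1234)
CIPHERTEXT_LIKE = bytes(_rng.getrandbits(8) for _ in range(8192))
MIXED = PLAINTEXT[:2048] + CIPHERTEXT_LIKE[:6144]

if __name__ == "__main__":
    for name, blob in (("plaintext", PLAINTEXT), ("ciphertext-like", CIPHERTEXT_LIKE), ("mixed", MIXED)):
        print(name, classify(blob))
```

The mixed sample is the case a single whole-file number hides: only 75% of its chunks are high-entropy, so it is not flagged, while the per-chunk profile still shows exactly where the encrypted region begins.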

---

## 🚀 Getting Started

### 1. Clone the Repository

```bash
git clone https://github.com/GodFWarsion/RansomTrace.git
cd RansomTrace
```