BloodyMary is an educational tool (a trojan or ransomware simulator) for training cybersecurity specialists. It simulates realistic phishing attacks with social engineering elements. The project was created to raise awareness of cyber threats and to demonstrate the consequences of running suspicious files.
⚠️ WARNING: This tool is intended EXCLUSIVELY for educational purposes and authorized testing in controlled environments.
- Training personnel in cybersecurity fundamentals
- Demonstrating realistic phishing techniques
- Raising awareness about social engineering
- Testing readiness for cyber threats
- System information gathering (OS, processor, RAM)
- Network configuration analysis (IP, MAC, adapters)
- Active process enumeration
- Username and computer name identification
- Execution time verification (bypass time acceleration)
- Process count analysis (sandbox detection)
- RAM volume checking (VM detection)
- Activation delay (behavioral analysis evasion)
- TCP transmission (SSH imitation)
- HTTP fallback for reliability
- Network settings obfuscation
- Unique filename generation
- Realistic visual effects
- Psychological impact
- Ransomware behavior imitation
- Educational messages
- Realistic Blood: Physical simulation of drops with gravity
- Ghostly Messages: Flickering text with glow effect
- Fullscreen Animation: Optimized for Full HD (1920x1080)
- Double Buffering: Smooth animation without flickering
```c
// Blood drop physics: gravity accelerates each drop, then its position is advanced
drops[i].velocityY += drops[i].acceleration;
drops[i].x += drops[i].velocityX;
drops[i].y += drops[i].velocityY;

// Color gradient creation
COLORREF CreateBloodGradient(int baseRed, int variation, int alpha);
```
- Stealth Launch - No visible signs
- Data Collection - Silent system analysis
- Anti-Sandbox - Virtual environment check
- Exfiltration - Data transmission to "C&C server"
- Psychological Effect - Dramatic visualization
- Educational Finale - Explanation of what happened
- Arch Linux (or any Linux with MinGW-w64)
- MinGW-w64 cross-compiler
- UPX for compression (optional)
- Wine for testing (optional)
```bash
# Install dependencies
sudo pacman -S mingw-w64-gcc mingw-w64-binutils mingw-w64-headers mingw-w64-crt upx wine

# Clone repository
git clone https://github.com/toxy4ny/bl00dym4ry.git
cd bl00dym4ry

# Build
make
# or
./build.sh

# Build both versions (32-bit and 64-bit)
make all
# or
./build.sh all

# 64-bit version
x86_64-w64-mingw32-gcc -Os -s -static -DWIN32_LEAN_AND_MEAN \
  -ffunction-sections -fdata-sections -fno-ident -fomit-frame-pointer \
  -o bl00dym3ry.exe main.c \
  -Wl,--gc-sections -Wl,--strip-all -Wl,--build-id=none \
  -static-libgcc -static-libstdc++ \
  -lwininet -lws2_32 -liphlpapi -luser32 -lkernel32 -lgdi32 \
  -lshell32 -ladvapi32 -lole32 -loleaut32 -luuid -lmsimg32

# Size optimization
x86_64-w64-mingw32-strip --strip-all bl00dym3ry.exe
upx --best --lzma bl00dym3ry.exe
```
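A triage check for the UPX step in the build commands above, as an added example (not code from the BloodyMary project): it reads a PE section table and reports packer indicators. The function names and the sample headers are constructed for illustration; the sample is headers only, not a runnable program.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def pe_sections(data: bytes):
    """Return (name, virtual_size, raw_size, characteristics) per PE section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header follows the 4-byte signature: NumberOfSections at +6,
    # SizeOfOptionalHeader at +20; the section table follows the optional header.
    (count,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size
    out = []
    for i in range(count):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated section table")
        name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, _va, raw_size = struct.unpack_from("<III", data, off + 8)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        out.append((name, vsize, raw_size, flags))
    return out

def packer_indicators(data: bytes):
    """List reasons the section table looks packed; an empty list means none found."""
    wx = IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_WRITE
    hits = []
    for name, vsize, raw_size, flags in pe_sections(data):
        if name.startswith("UPX"):  # UPX names its sections UPX0/UPX1 by default
            hits.append(f"{name}: UPX section name")
        if raw_size == 0 and vsize > 0 and (flags & wx) == wx:
            hits.append(f"{name}: writable+executable with no data on disk")
    return hits

def build_sample_pe(sections):
    """Constructed test input (headers only) from (name, vsize, raw, flags) tuples."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, len(sections), 0, 0, 0, 0xF0, 0x22)
    table = b"".join(
        n.encode().ljust(8, b"\0") + struct.pack("<IIIIIIHHI", v, 0x1000, r, 0, 0, 0, 0, 0, f)
        for n, v, r, f in sections)
    return dos + b"PE\0\0" + coff + b"\0" * 0xF0 + table
```

Section names are trivial to rename after packing, which is why the second check looks at the section layout rather than the name. An ordinary `.bss` section also has no data on disk but is not executable, so it does not trigger the check.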
- Email Attachment: Disguised as document or image
- USB Drop: Placed on USB drive with attractive name
- Social Media: Distributed as "interesting file"
- Corporate Network: Test employee awareness
- IT Specialists - Technical threat understanding
- Managers - Business risk comprehension
- Regular Users - Cybersecurity hygiene basics
- Students - Practical learning
- Desktop Report: `SECURITY_TRAINING_REPORT.txt` on desktop
- Remote Logging: Server transmission for analysis
- Timestamp: Precise execution time
- System Fingerprint: Unique system identification
```
===============================================================
CYBERSECURITY TRAINING REPORT
===============================================================
WARNING: This is the result of a phishing training test
YOU SUCCESSFULLY LAUNCHED A SUSPICIOUS FILE!

What happened:
+ System information was collected
+ Data was sent to external server
+ Visual effects were demonstrated
+ Malicious activity was simulated

RECOMMENDATIONS:
1. Don't open suspicious attachments
2. Verify email senders
3. Use antivirus software
4. Regularly update software
5. Be careful with links
```
- Authorized testing in own infrastructure
- Educational programs with participant consent
- Threat demonstration in controlled environment
- Corporate cybersecurity training
- Attacks on foreign systems without permission
- Causing real harm or damage
- Violating computer crime legislation
- Commercial use without license
```c
// File does NOT cause real harm:
// - Does not encrypt files
// - Does not install backdoors
// - Does not modify system settings
// - Creates only educational report
```
```
[✓] Anti-sandbox checks passed
[✓] Console window hidden
[✓] Process started successfully
[✓] System information collected
[✓] Network configuration analyzed
[✓] Process enumeration completed
[✓] User credentials identified
[✓] Data packaged for transmission
[✓] TCP connection established
[✓] Information sent to C&C server
[✓] Connection terminated
[✓] Screen effects activated
[✓] Horror elements displayed
[✓] Victim awareness achieved
[✓] Educational message delivered
```
```c
// Change obfuscated SSH settings
static char ssh_host[] = {0x73, 0x7f, 0x7f, 0x3a, 0x66, 0x6d, 0x63, 0x3a, 0x66, 0x3a, 0x66, 0x72, 0x72, 0x00};
static char ssh_user[] = {0x05, 0x16, 0x17, 0x03, 0x16, 0x02, 0x03, 0x00};
static char ssh_pass[] = {0x08, 0x34, 0x09, 0x16, 0x01, 0x02, 0x16, 0x08, 0x67, 0x65, 0x67, 0x69, 0x00};

// Blood intensity configuration
#define BLOOD_DROPS_COUNT 80
#define BLOOD_SPLATTERS_COUNT 150
#define BLOOD_TRAILS_COUNT 300
#define ANIMATION_FRAMES 500

// Check configuration
#define MIN_SLEEP_TIME 2800
#define MIN_PROCESS_COUNT 25
#define MIN_RAM_SIZE (1024 * 1024 * 1024)
```
- Use as practical assignment
- Explain each technique after demonstration
- Discuss protection methods
- Conduct debriefing with participants
- Analyze evasion techniques
- Study obfuscation methods
- Develop countermeasures
- Improve detection systems
- Demonstrate real risks
- Justify security investments
- Raise personnel awareness
- Create security culture
If you found a bug or issue:
- Check existing issues
- Create new issue with detailed description
- Attach system information
- Specify reproduction steps
- New evasion techniques
- Additional visual effects
- Information gathering improvements
- Performance optimization
- Fork repository
- Create feature branch
- Make changes
- Write tests
- Create pull request
This project is distributed under the MIT License. See the LICENSE file for details.
MIT License
Copyright (c) 2025 Hackteam.Red
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
IMPORTANT: This project is created exclusively for educational purposes and authorized security testing. The authors are not responsible for improper use of this software.
Using this tool to attack systems without explicit permission from their owners is illegal and may result in criminal liability.
- OWASP - Web security fundamentals
- NIST Cybersecurity Framework - Cybersecurity standards
- MITRE ATT&CK - Attack techniques database
- Social Engineering Toolkit - Social engineering tools
Thanks to all project contributors and the cybersecurity community for their contribution to creating a safer digital world! Especially for the idea of blood on the screen from the early 00s, when we discussed visual effects for viruses with a virus maker with the nick "DES/29A" on the IRC channel.
Trojan Phishing Simulator for Cybersecurity Training
Version: 1.0.0 | Last Updated: 2025