itsMe Posted November 12, 2022

It is an advanced ransomware with a lot of options and fully customizable. It encrypts files in AES CBC with a randomly generated 256-bit key and with a hardcoded IV. It has a whitelist and a blacklist for the extensions of files. It takes photos from all the webcams connected to the PC. After the encryption it sends the key and some PC information to the attacker via email. It retrieves various information from the victim's PC and sends it to the attacker. It also drops a readme.txt file and the decryptor and changes the wallpaper of the victim's computer. It could also change the extension of crypted files and set a custom icon for those. It is able to upload files to AnonFiles before encryption. At the end it can delete the executable from which it was started.

Features

- AES CBC 256 file encryption
- Debug mode for fast testing
- Trojan mode
- Custom icon for the compiled executable
- Tasks remover
- Steal system information (HWID, IP, CPU brand and threads, RAM, GPU brand, host name and username, screen resolution, screenshot, clipboard, Windows version and language)
- Take photos of all the webcams
- Delete restore points
- Custom file icon for crypted files
- Change wallpaper
- Whitelist & blacklist for file extensions (whitelist has priority)
- File uploader before encryption
- Send email with data encrypted in AES CBC 256
- Send email also if the PC is not connected to the internet with a .ps1 file obfuscated thanks to Chimera
- Self-delete after execution
- Fully customizable with more than 40 different options, easy to change
- And many more!

For educational purposes only

itsMe (Author) Posted March 8, 2023

Updated Features

- Encryption of files using the AES CBC 256 algorithm with a randomly generated key and 128-bit IV.
- Anti-dumping functions to evade detection by some anti-viruses.
- A whitelist and blacklist for file extensions to target or exclude during encryption.
- Taking photos from all connected webcams.
- Stealing system information such as the hardware ID (HWID), IP address, CPU and RAM specs, GPU brand, host name, username, screen resolution, screenshots, clipboard contents, and Wi-Fi passwords.
- Deleting restore points
- Custom file icon for encrypted files
- Changing the wallpaper
- Uploading files to a remote server before encryption
- Sending the encryption key and stolen information to the attacker via email or Telegram bot.
- Self-deletion of the malware executable after execution.
- Fully customizable with over 60 different options.
- And many more!

For educational purposes only!