- Joined
- Jan 8, 2019
- Messages
- 56,621
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,730
6 Years of Service
76%
It is an advanced Ransomware with a lot of options and fully customizable.
It encrypts files in AES CBC with a random generated 256 bit key and with an hardcoded IV.
It has a whitelist and a blacklist for the extension of files.
It take photos from all the webcams connected to the pc.
After the encryption it sends the key and some pc informations to the attacker via email.
It retrieves various information from the victim's pc and sends them to the attacker.
It also drops a readme.txt file and the decryptor and change the wallpaper of the victim computer.
It could also change the extension of crypted files and set a custom icon for those.
It is able to upload files on AnonFiles before encryption.
At the end it can delete the executable from which it was started.
Features
AES CBC 256 file encryption
Debug mode for fast testing
Trojan mode
Custom icon for the compiled executable
Tasks remover
Steal system informations (HWID, IP, CPU brand and threads, RAM, GPU brand, Host name and username, screen resolution, screenshot, clipboard, windows version and language)
Take photos of all the webcams
Delete restore points
Custom file icon for crypted files
Change wallpaper
Whitelist & Blacklist for files extensions (whitelist have priority)
File uploader before encryption
Send email with data encrypted in AES CBC 256
Send email also if pc is not connected to internet with a .ps1 file obfuscated thanks to Chimera
Self-delete after execution
Fully customizable with more than 40 different options easy to change And many more!
for educational purposes only