Antelox

VenisRansomware

Oct 11th, 2016
The sample uses https://github.com/stascorp/rdpwrap to enable Remote Desktop Host support. On the infected host it creates a user called "TEST" with a password used for remote sessions.

No files encrypted so far. Probably a test in production...

Domain: developersecurity.gq

Interesting strings:

EXTENSION

.CSV
.DOC
.PPT
.XLS
.avi
.bak
.bmp
.dbf
.djvu
.docx
.exe
.flv
.gif
.jpeg
.jpg
.max
.mdb
.mdf
.mkv
.mov
.mpeg
.mpg
.odt
.pdf
.png
.pps
.pptm
.pptx
.psd
.rar
.raw
.tar
.tif
.txt
.vob
.wav
.wma
.wmv
.xlsb
.xlsx
.zip

URL

http://facebook.com/
http://www.google.com
https://m.facebook.com/friends/center/friends/?ppk=%d
https://m.facebook.com/messages/thread/%s
https://m.facebook.com/profile.php?v=friends

IP
198.55.115.41

FILENAME

1.exe
3.exe
ADVAPI32.dll
ALMon.exe
ALsvc.exe
AVK.exe
AVKProxy.exe
AVKService.exe
AVKTray.exe
AVKWCtlx64.exe
AdAwareDesktop.exe
AdAwareService.exe
AdAwareTray.exe
AgentSvc.exe
AntiHook.exe
AvastSvc.exe
AvastUi.exe
BDSSVC.EXE
Bav.exe
BavSvc.exe
BavTray.exe
BavUpdater.exe
BavWebClient.exe
BgScan.exe
BullGuarScanner.exe
BullGuard.exe
BullGuardUpdate.exe
CEmRep.exe
CMD.EXE
CMain.exe
CONSCTLX.EXE
CRYPT32.dll
CV.exe
CavAUD.exe
CavApp.exe
CavCons.exe
CavEmSrv.exe
CavMud.exe
CavQ.exe
CavSn.exe
CavSub.exe
CavUMAS.exe
CavUserUpd.exe
Cavmr.exe
Cavoar.exe
Cavvl.exe
CisTray.exe
ClamTray.exe
ClamWin.exe
DCSUserProt.exe
DTAgent.exe
EMLPROXY.EXE
EXPLORER.EXE
Ethereal.exe
FIREFOX.EXE
FPAVServer.exe
FPWin.exe
FProtTray.exe
FSHDLL64.exe
FSM32.EXE
FSMA32.EXE
GDKBFltExe32.exe
GDSC.exe
GDScan.exe
GpChromeDatabasegInx64.exe
InstLsp.exe
JavaUpdate.exe
K7AVScan.exe
K7CrvSvc.exe
K7EmlPxy.EXE
K7FWSrvc.exe
K7PSSrvc.exe
K7RTScan.exe
K7SysMon.Exe
K7TSMain.exe
K7TSMngr.exe
K7TSecurity.exe
KERNEL32.DLL
KERNEL32.dll
Kernel32.dll
Lite.exe
LittleHook.exe
MCShieldCCC.exe
MCShieldDS.exe
MCShieldRTM.exe
MOZGLUE.dll
MSASCui.exe
MSVCP120.dll
MSVCP90.dll
MSVCR120.dll
MSVCR90.DLL
MSVCR90.dll
MSVCRT.dll
MWAGENT.EXE
MWASER.EXE
MpCmdRun.exe
MpUXSrv.exe
MsMpEng.exe
NETAPI32.dll
NS.exe
NSS3.dll
Netcap.exe
Netmon.exe
Ntdll.dll
OLEAUT32.dll
ONLINENT.EXE
OPSSVC.EXE
OnAccessInstaller.exe
PSANHost.exe
PSUAMain.exe
PSUAService.exe
Packetizer.exe
Packetyzer.exe
Prefs.js
ProcessHacker.exe
PtSessionAgent.exe
PtSvcHost.exe
PtWatchDog.exe
QUHLPSVC.EXE
RDPWInst.exe
RDTask.exe
SAPISSVC.EXE
SASCore64.exe
SASTask.exe
SAVAdminService.exe
SBAMSvc.exe
SBAMTray.exe
SBPIMSvc.exe
SCANNER.EXE
SCANWSCS.EXE
SDFSSvc.exe
SDScan.exe
SDTray.exe
SDWelcome.exe
SELF.EXE
SETUPAPI.DLL
SHELL32.dll
SSUpdate64.exe
SUPERAntiSpyware.exe
SUPERDelete.exe
SavService.exe
SbieDll.dll
ScSecSvc.exe
Sniffer.exe
SoftAct.exe
SpreadMsg.txt
SpyHunter3.exe
Sqlite3.dll
TESTAPP.EXE
THGuard.exe
TRAYICOS.EXE
TRAYSSER.EXE
Taskmgr.exe
Tcpdump.exe
Tethereal.exe
USER32.DLL
USER32.dll
UUpd.exe
UnThreat.exe
Uninstall.exe
User32.dll
UserAccountControlSettings.exe
V3Main.exe
V3Medic.exe
V3SP.exe
V3Svc.exe
V3Up.exe
VCATCH.EXE
VIEWTCP.EXE
VIPREUI.exe
VSDesktop.exe
VSSADMIN.EXE
WININET.dll
WS2_32.dll
WebCompanion.exe
Windump.exe
Wininet.dll
Wireshark.exe
Zanda.exe
Zlh.exe
acs.exe
adoronsfirewall.exe
alertwall.exe
alupdate.exe
app_firewall.exe
apvxdwin.exe
armorwall.exe
as3pf.exe
asr.exe
aupdrun.exe
authfw.exe
avas.exe
avcom.exe
avkproxy.exe
avkservice.exe
avktray.exe
avkwctl.exe
avkwctrl.exe
avmgma.exe
avp.exe
avpmapp.exe
avtask.exe
aws.exe
backgroundscanclient.exe
bavhm.exe
bgctl.exe
bgnt.exe
blackd.exe
blackice.exe
blinksvc.exe
bootsafe.exe
bullguard.exe
capinfos.exe
cavasm.exe
cavwp.exe
cdas17.exe
cdas2.exe
cdinstx.exe
cis.exe
clamd.exe
clamscan.exe
cmdagent.exe
cmgrdian.exe
configmgr.exe
configuresav.exe
coreFrameworkHost.exe
coreServiceShell.exe
cpd.exe
dfw.exe
dlservice.exe
dltray.exe
dragon_updater.exe
dumpcap.exe
dvpapi.exe
dwengine.exe
econceal.exe
econser.exe
editcap.exe
ekern.exe
ekrn.exe
emlproui.exe
emlproxy.exe
endtaskpro.exe
escanmon.exe
escanpro.exe
espwatch.exe
eui.exe
fameh32.exe
fgui.exe
filedeleter.exe
filemon.exe
firewall.exe
firewall2004.exe
firewallgui.exe
freshclam.exe
freshclamwrap.exe
fsgk32.exe
fshoster32.exe
fsma32.exe
fsorsp.exe
fsrt.exe
fssm32.exe
fwsrv.exe
gateway.exe
guardxkickoff_x64.exe
guardxservice.exe
hpf_.exe
iface.exe
invent.exe
ipatrol.exe
ipcserver.exe
ipctray.exe
iptray.exe
kav.exe
kpf4gui.exe
kpf4ss.exe
licwiz.exe
livehelp.exe
lookout.exe
lpfw.exe
mbam.exe
mbamscheduler.exe
mbamservice.exe
mcods.exe
mcvsescn.exe
mergecap.exe
mpf.exe
mpfcm.exe
msconfig.exe
mscoree.dll
msseces.exe
mwsmpl.exe
nanoav.exe
nanosvc.exe
navapsvc.exe
nbrowser.exe
netguardlite.exe
nfservice.exe
njeeves2.exe
nnf.exe
nod32.exe
nod32krn.exe
nprosec.exe
nseupdatesvc.exe
nss3.dll
nstzerospywarelite.exe
ntdll.dll
nvcod.exe
nvcsvc.exe
nvoy.exe
nwscmon.exe
oasclnt.exe
ole32.dll
omnitray.exe
onlinent.exe
op_mon.exe
opf.exe
opfsvc.exe
outpost.exe
pcipprev.exe
pctav.exe
pctavsvc.exe
pcviper.exe
persfw.exe
pfft.exe
pgaccount.exe
prevxcsi.exe
prifw.exe
privatefirewall3.exe
procexp.exe
procguard.exe
procmon.exe
protect.exe
pxagent.exe
rawshark.exe
regedit.exe
rtt_crc_service.exe
sab_wab.exe
sagui.exe
savadminservice.exe
savcleanup.exe
savcli.exe
savmain.exe
savprogress.exe
savservice.exe
scfmanager.exe
scfservice.exe
schedulerdaemon.exe
scproxysrv.exe
sdcdevcon.exe
sdcdevconIA.exe
sdcdevconx.exe
sdcservice.exe
sdtrayapp.exe
siteadv.exe
sndsrvc.exe
snsmcon.exe
snsupd.exe
sp_rsser.exe
spfirewallsvc.exe
sppfw.exe
spybotsd.exe
spywareterminatorshield.exe
ssupdate.exe
terminet.exe
text2pcap.exe
tppfdmn.exe
trigger.exe
tscutynt.exe
tshark.exe
tzpfw.exe
uiSeAgnt.exe
uiUpdateTray.exe
uiWatchDog.exe
uiWinMgr.exe
umxagent.exe
umxtray.exe
updclient.exe
utsvc.exe
uwcdsvr.exe
vdtask.exe
virusutilities.exe
webwall.exe
winroute.exe
wireshark.exe
wwasher.exe
xauth_service.exe
xfilter.exe
zanda.exe
zerospywarele.exe
zerospywarelite_installer.exe
zlh.exe
zlhh.exe

PATH

C:\Batman

EMAIL

VenisRansom@protonmail.com
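One way to turn the string list above into a reusable triage check, added here as an example (not code from the paste or its author): it parses a `strings`-style dump, groups matches into the families visible in the paste (target extensions, security and analysis tool names, cmd/vssadmin/RDPWInst, network and contact indicators) and gives a coarse verdict. The family names, the thresholds and the sample dump are this example's own constructions; only the indicator values come from the paste.

```python
"""
Triage a strings dump against the indicator families in the VenisRansomware paste.
Added example for this page, not code from the paste or its author: the grouping
into families, the thresholds and SAMPLE_DUMP are this example's own choices.
"""
from collections import defaultdict

# Indicator families; the values are copied from the paste above (a subset of
# each list is enough to illustrate; extend the sets with the full lists).
INDICATORS = {
    "target_extensions": {
        ".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
        ".zip", ".rar", ".mdb", ".mdf", ".psd", ".bak",
    },
    "security_tools": {
        "AvastSvc.exe", "MsMpEng.exe", "mbam.exe", "ekrn.exe", "kav.exe",
        "SavService.exe", "Wireshark.exe", "procmon.exe", "procexp.exe",
        "ProcessHacker.exe", "Taskmgr.exe", "regedit.exe", "msconfig.exe",
    },
    "system_tools": {
        "VSSADMIN.EXE", "CMD.EXE", "UserAccountControlSettings.exe", "RDPWInst.exe",
    },
    "network": {
        "developersecurity.gq", "198.55.115.41",
        "https://m.facebook.com/messages/thread/%s",
        "https://m.facebook.com/friends/center/friends/?ppk=%d",
    },
    "artifacts": {"C:\\Batman", "VenisRansom@protonmail.com", "SpreadMsg.txt"},
}

# Case-insensitive lookup: lowercase form -> indicator as written in the paste.
_LOOKUP = {
    family: {value.lower(): value for value in values}
    for family, values in INDICATORS.items()
}


def parse_strings_dump(text):
    """Split `strings`-style output: one printable string per line, blanks dropped."""
    return [line.strip() for line in text.splitlines() if line.strip()]


def match_indicators(strings):
    """Map each family to the sorted list of its indicators present in the dump."""
    hits = defaultdict(set)
    for s in strings:
        key = s.lower()
        for family, table in _LOOKUP.items():
            if key in table:
                hits[family].add(table[key])
    return {family: sorted(values) for family, values in hits.items()}


def triage(text):
    """Return per-family hits plus a coarse verdict for a strings dump.

    The verdict combines independent signals: a file-type target list, names of
    security and analysis tools, a vssadmin reference, and sample-specific
    network/contact indicators. The thresholds are illustrative, not tuned.
    """
    hits = match_indicators(parse_strings_dump(text))
    reasons = []
    n_ext = len(hits.get("target_extensions", []))
    n_sec = len(hits.get("security_tools", []))
    if n_ext >= 5:
        reasons.append(f"{n_ext} file-type targets")
    if n_sec >= 3:
        reasons.append(f"{n_sec} security/analysis tool names")
    if "VSSADMIN.EXE" in hits.get("system_tools", []):
        reasons.append("vssadmin.exe referenced")
    if hits.get("network") or hits.get("artifacts"):
        reasons.append("Venis-specific network or contact indicators")
    verdict = "suspicious: ransomware-like profile" if len(reasons) >= 2 else "no strong match"
    return {"hits": hits, "reasons": reasons, "verdict": verdict}


# Constructed sample dump (not from a real binary): a few strings from the paste
# mixed with the kind of noise a real dump contains.
SAMPLE_DUMP = """\
!This program cannot be run in DOS mode.
KERNEL32.dll
.docx
.xlsx
.pdf
.jpg
.zip
.rar
AvastSvc.exe
MsMpEng.exe
Wireshark.exe
VSSADMIN.EXE
developersecurity.gq
C:\\Batman
VenisRansom@protonmail.com
some unrelated string
"""

if __name__ == "__main__":
    report = triage(SAMPLE_DUMP)
    print(report["verdict"])
    for reason in report["reasons"]:
        print(" -", reason)
    for family, values in report["hits"].items():
        print(f"{family}: {', '.join(values)}")
```

Feed it the output of `strings -n 4 sample.exe` (or any one-string-per-line dump). Matching is exact and case-insensitive on purpose: the paste lists extensions and process names as standalone strings, and exact matching keeps a dump that merely mentions `Wireshark.exe` in a help text from counting twice. The verdict only fires when two independent families agree, so a benign installer that enumerates file types does not trip it on its own.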