Exaction Cryptolocker (V2)
Jabber (XMPP): corporate@swissjabber.ch
Exaction Cryptolocker encrypts all files on a user's computer and then provides instructions for decryption. http://en.wikipedia.org/wiki/CryptoLocker
Features:
- Encryption algorithm BlowFish 448 bit (stronger than AES).
- 448 bit key is generated on computer and sent to C&C. Each computer generates unique key. Key is not stored on computer and is purged from RAM.
- All C&C decryption keys are encrypted with the RSA-alg (1024 or 2048 Bit Keys). The Password used to decrypt the private key is not stored and only temporarily used (conclusion: even if the server is raided or compromised the User-Passwords cannot be decrypted).
- Locker can communicate with C&C over Tor, without losing any connections (contact support for more information - we are using a different technique).
- Files in all locations (external media and network) are encrypted.
- Encrypted extensions: odt, ods, odp, odm, odc, odb, doc, docx, docm, wps, xls, xlsx, xlsm, xlsb, xlk, ppt, pptx, pptm, mdb, accdb, pst, dwg, xf, dxg, wpd, rtf, wb2, mdf, dbf, psd, pdd, pdf, eps, ai, indd, cdr, jpg, jpe, dng, 3fr, arw, srf, sr2, bay, crw, cr2, dcr, kdc, erf, mef, mrwref, nrw, orf, raf, raw, rwl, rw2, r3d, ptx, pef, srw, x3f, der, cer, crt, pem, pfx, p12, p7b, p7c, c, cpp, txt, jpeg, png, gif, mp3, html, css, js, sql, mp4, flv, m3u, py, desc, con, htm, bin, wotreplay, unity3d, big, pak, rgss3a, epk, bik, slm, lbf, sav, lng ttarch2, mpq, re4, apk, bsa, cab, ltx, forge, asset, litemod, iwi, das, upk, bar, hkx, rofl, DayZProfile, db0, mpqge, vfs0, mcmeta, m2, lrf, vpp_pc, ff, cfr, snx, lvl, arch00, ntl, fsh, w3x, rim, psk, tor, vpk, iwd, kf, mlx, fpk, dazip, vtf, 001, esm, blob, dmp, layout, menu, ncf, sid, sis, ztmp, vdf, mcgame, fos, sb, itm, wmo, itm, map, wmo, sb, svg, cas, gho, iso, rar, syncdb, mdbackup, hkdb, hplg, hvpl, icxs, itdb, itl, mddata, sidd, sidn, bkf, qic, bkp, bc7, bc6, pkpass, tax, gdb, qdf, t12, t13, ibank, sum, sie, sc2save, d3dbsp, wmv, avi, wma, m4a, 7z, torrent, csv
- AV software cannot decrypt files (Panda Ransomware Decrypt Tool, BitDefender Decrypt, Kaspersky).
- Secure file erase (7 passes).
- Message is displayed on GUI and inside of .txt files created in all folders. This message is configured on C&C, unique by country.
- Compatible with crypters (no EOF).
- Empty recycle bin (all drives).
*All features can be edited by contacting support*
Binary information:
- Coded in C++ (WinAPI)
- No dependencies (.net framework, java, vb6 runtimes, msvcrt100.dll)
- No extra: files, drops, downloads, injects, .dlls. Only single binary!
- Works: 2000, 2003, 2008, 2012, XP, Vista, 7, 8, 8.1 (x32/x64)
- Full unicode support for all languages (English, Russian, Chinese etc...)
- Any account (admin, guest, user)
- No UAC prompt
- Size: 15kb (no compression)
- Numerous protections added to binary (prevent crackers)
- Startup
- Mutex
Information for customers:
- JID: corporate@swissjabber.ch
- Price of binary: $300 (2 customers)
- Price of source code: $900 (1 customer)
- You keep 100% of payments
- Free recompiles and support
- Escrow accepted
- Bitcoin (BTC) only!
- VPS or dedi required - we can recommend servers
- Additional binary which decrypts files (key required)
- USA infections are blocked, but *not* countries nearby such as Canada, this is the new taboo
- Rate 1:200
Screen shots of hidden payment website:
*Payments are displayed on C&C similarly to a facebook notification - not shown here!*
Screen shots of C&C: