Tartarus CryptoLocker
Introduction & Core Features
Today, I bring you a new version of CryptoLocker, coded completely from scratch. The locker is coded mainly in C++ with a little bit of ASM. I have implemented an applied version of elliptic curve cryptography (ECC) to ensure an unbreakable lock is placed on the victims' system. This locker uses the Tor network and supports Bitcoin for payment processing, ensuring maximum anonymity. Traffic is then further encrypted with 256-bit AES encryption to ensure additional security. Tartarus CryptoLocker has the ability to detect virtual machines and will not execute in the case of detecting one, ensuring that your stub becomes exponentially harder to reverse. The bin size is roughly 500kb and comes with the ability for a downloader, in the event you need a smaller size.
Panel:
The panel is located on the Tor network (.onion link) and includes advanced statistics such as geographical information, conversion rate, total money earned, average files encrypted, and installs per day. The panel is in English but a Russian version is available if needed. Inside the panel, you can customize prices depending on the bot's geographical information. This drastically increases conversions.
Additional Features:
- UAC Bypass: bypasses UAC by tricking the victim's computer into thinking that the UAC prompt is from a legitimate file
- Shadow Drive Deletion: Shadow drives and restore points are deleted to ensure a bypass is not possible.
Files Encrypted:
"3fr", "accdb", "txt", "ai", "arw", "bay", "cdr", "png", "cer", "cr2", "eps", "erf", "indd", "mp3", "mp4", "jpeg", "jpg", "kdc", "mdb", "mdf", "mef", "mrw", "nef", "crt", "crw", "dbf", "dcr", "der", "dng", "doc", "docm", "docx", "dwg", "dxf", "dxg", "rwl", "srf", "srw", "wb2", "wpd", "wps", "xlk", "nrw", "odb", "odm", "odp", "ods", "odt", "orf", "p12", "p7b", "p7c", "pdd", "xls", "xlsb", "xlsm", "xlsx", "pef", "pem", "pfx", "ppt", "pptm", "pptx", "psd", "pst", "ptx", "r3d", "raf", "raw", "rtf"
Payment System:
Tartarus CryptoLocker operates under an affiliate system. We take 15% of all payments but that value scales down as you bring more high-quality bots to the scheme.
All payments will be via Bitcoin.
Contact: Tartarus@exploit.im
Introduction & Core Features
Today, I bring you a new version of CryptoLocker, coded completely from scratch. The locker is coded mainly in C++ with a little bit of ASM. I have implemented an applied version of elliptic curve cryptography (ECC) to ensure an unbreakable lock is placed on the victims' system. This locker uses the Tor network and supports Bitcoin for payment processing, ensuring maximum anonymity. Traffic is then further encrypted with 256-bit AES encryption to ensure additional security. Tartarus CryptoLocker has the ability to detect virtual machines and will not execute in the case of detecting one, ensuring that your stub becomes exponentially harder to reverse. The bin size is roughly 500kb and comes with the ability for a downloader, in the event you need a smaller size.
Panel:
The panel is located on the Tor network (.onion link) and includes advanced statistics such as geographical information, conversion rate, total money earned, average files encrypted, and installs per day. The panel is in English but a Russian version is available if needed. Inside the panel, you can customize prices depending on the bot's geographical information. This drastically increases conversions.
Additional Features:
- UAC Bypass: bypasses UAC by tricking the victim's computer into thinking that the UAC prompt is from a legitimate file
- Shadow Drive Deletion: Shadow drives and restore points are deleted to ensure a bypass is not possible.
Files Encrypted:
"3fr", "accdb", "txt", "ai", "arw", "bay", "cdr", "png", "cer", "cr2", "eps", "erf", "indd", "mp3", "mp4", "jpeg", "jpg", "kdc", "mdb", "mdf", "mef", "mrw", "nef", "crt", "crw", "dbf", "dcr", "der", "dng", "doc", "docm", "docx", "dwg", "dxf", "dxg", "rwl", "srf", "srw", "wb2", "wpd", "wps", "xlk", "nrw", "odb", "odm", "odp", "ods", "odt", "orf", "p12", "p7b", "p7c", "pdd", "xls", "xlsb", "xlsm", "xlsx", "pef", "pem", "pfx", "ppt", "pptm", "pptx", "psd", "pst", "ptx", "r3d", "raf", "raw", "rtf"
Payment System:
Tartarus CryptoLocker operates under an affiliate system. We take 15% of all payments but that value scales down as you bring more high-quality bots to the scheme.
All payments will be via Bitcoin.
Contact: Tartarus@exploit.im
