.onion
domains allow you to hide your server almost completely. $GOPATH/bin
in your $PATH and $GOROOT
pointing to your Go installation folder. For me:make
do your job:make -e GOOS=windows
. make
, you can use the following variables:make -e USE_TOR=true SERVER_HOST=mydomain.com SERVER_PORT=80 GOOS=darwin
SERVER_
variables above only apply to the malware. The server has a flag --port
that you can use to change the port that it will listen on. .onion
domains will work without problems. http://2af7161c.ngrok.io
. Keep this command running, otherwise the malware won't reach our server. SERVER_PORT
needs to be 80
in this case, since ngrok redirects 2af7161c.ngrok.io:80
to your local server port 8080
. ransomware.exe
, and unlocker.exe
along with a folder called server
will be generated in the bin folder. The execution of ransomware.exe
and unlocker.exe
(even if you use a different GOOS variable during compilation) is locked to Windows machines only. http://2af7161c.ngrok.io
:OK
and some logs in the server output, you are ready to go. ransomware.exe
and unlocker.exe
to the VM along with some dummy files to test the malware. You can take a look at cmd/common.go to see some configuration options, such as file extensions to match, directories to scan, skipped folders and the maximum size of a file to match, among others. ransomware.exe
and see the magic happen HIDDEN
option described in the compilation section. READ_TO_DECRYPT.html
and FILES_ENCRYPTED.html
on the Desktop. unlocker.exe
and you can use them to recover your files. This exchange can be accomplished in several ways and WILL NOT be implemented in this project for obvious reasons. :id
is your identification stored in the file on desktop. After, run the unlocker.exe
by double-clicking it and follow the instructions.
POST api/keys/add - Used by the malware to persist new keys. Some verifications are made, like the verification of the RSA authenticity. Returns 204 (empty content) in case of success or a JSON error.
GET api/keys/:id - Id is a 32-character parameter, representing an Id already persisted. Returns a JSON containing the encryption key or a JSON error.