• We just launched and are currently in beta. Join us as we build and grow the community.

WannCry RanSomware Builder

Zerxs

Market Demand Exploiter
Z
Z Rep
0
0
0
Rep
0
Z Vouches
0
0
0
Vouches
0
Posts
176
Likes
64
Bits
0
2 MONTHS
2 2 MONTHS OF SERVICE
LEVEL 1 300 XP
WannaCry|WannaDecrypt0r NSA-Cyberweapon-Powered Ransomware Worm
  • Virus Name: WannaCrypt, WannaCry, WanaCrypt0r, WCrypt, WCRY
  • Vector: All Windows versions before Windows 10 are vulnerable if not patched for MS-17-010. It uses EternalBlue MS17-010 to propagate.
  • Ransom: between $300 to $600. There is code to 'rm' (delete) files in the virus. Seems to reset if the virus crashes.
  • Backdooring: The worm loops through every RDP session on a system to run the ransomware as that user. It also installs the DOUBLEPULSAR backdoor. It corrupts shadow volumes to make recovery harder. (source: malwarebytes)
  • Kill switch: If the website http://www.iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com is up the virus exits instead of infecting the host. (source: malwarebytes). This domain has been sinkholed, stopping the spread of the worm. Will not work if proxied


rich-file.png



You must upgrade your account or reply in the thread to view hidden text.


favicon.ico
mega.nz
[

You must upgrade your account or reply in the thread to view hidden text.

]


untid-jpg.222276
 
You must log in or register to reply here.

431,395

312,441

312,450

C Crackly22
Top