FunkSecRansomware
FunkSec Rust ransomware. XChaCha20-Poly1305 AEAD encryption via orion crate. Developer C:\Users\Abdellah. 3 Tor .onion C2 + self.su. 0.1 BTC ransom. Kills WinDefend, clears event logs, detects VMs.
Threat Profile
Type: Ransomware
Programming Language: Rust
C2 Protocol: Tor/HTTP
First Seen: 2024
Targets: Global/Corporate
Purpose / Capabilities
- File Encryption/Ransomware
C2 Servers (4)
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
| ex53k6m2x3esjwlxrkb3qiztid.onion (FunkSec Tor onion C2) | 80 | custom | INACTIVE | |
| fa5irwalw2kjem6tvofji7rwid.onion (FunkSec Tor onion C2) | 80 | custom | INACTIVE | |
| uwkaupik4yrlgtycew3ergraid.onion (FunkSec Tor onion C2) | 80 | custom | INACTIVE | |
| self.su (FunkSec Soviet TLD C2) | 80 | HTTP | INACTIVE | |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
FunkSecRansomware 00acf5d0 -- Rust ChaCha20-Poly1305 3 Tor Onion C2 self.su BTC WinDefend Kill VM Detection
FunkSec Ransomware 00acf5d0 Rust PE32plus x64 5.4MB. ChaCha20-Poly1305 encryption. 3 Tor onion C2 plus self.su domain. 0.1 BTC demand. Developer Abdellah. WinDefend kill + event log clearing.