FunkSecRansomware

FunkSec ransomware written in Rust. Files are encrypted with XChaCha20-Poly1305 AEAD via the orion crate. Developer: C:\Users\Abdellah. Three Tor .onion C2 addresses plus self.su. Ransom demand of 0.1 BTC. Kills WinDefend, clears event logs, and detects VMs.

Threat Profile
Type: Ransomware
Programming Language: Rust
C2 Protocol: Tor/HTTP
First Seen: 2024
Targets: Global/Enterprise
Purpose / Capabilities
  • File Encryption/Ransomware

C2 Servers (4)

Address                            Description             Port  Protocol  Status
ex53k6m2x3esjwlxrkb3qiztid.onion   FunkSec Tor onion C2    80    custom    INACTIVE
fa5irwalw2kjem6tvofji7rwid.onion   FunkSec Tor onion C2    80    custom    INACTIVE
uwkaupik4yrlgtycew3ergraid.onion   FunkSec Tor onion C2    80    custom    INACTIVE
self.su                            FunkSec Soviet TLD C2   80    HTTP      INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

Critical

FunkSecRansomware 00acf5d0 -- Rust ChaCha20-Poly1305 3 Tor Onion C2 self.su BTC WinDefend Kill VM Detection

FunkSec Ransomware 00acf5d0, Rust PE32+ x64, 5.4MB. ChaCha20-Poly1305 encryption. 3 Tor onion C2 plus self.su domain. 0.1 BTC demand. Developer Abdellah. WinDefend kill + event log clearing.
