TorRansomware
C/C++ (GCC MinGW) ransomware using the Tor .onion network. xri65fopcxkdfxhi4tidsg7cad.onion Tor C2. Victim secret key: 6F2PQ14O2POZ1JB5PSD65HUJP19Y9DU1. RSA-encrypted file keys. Wallpaper hijack (C:\Users\Public g.jpg + NoChangingWallPaper=1). SetThreadContext process injection. 17-section obfuscation.
Threat Profile
Type: Ransomware
Programming Language: C (GCC MinGW)
C2 Protocol: Tor/.onion
First Seen: 2024
Targets: Global
Purpose / Capabilities
- File Encryption/Ransomware
C2 Servers (1)
| Address | Port | Protocol | Status | Action |
|---|---|---|---|---|
| xri65fopcxkdfxhi4tidsg7cad.onion (Tor hidden service -- ransomware payment portal) | 80 | custom | INACTIVE | |
⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.
Research Reports (1)
TorRansomware 67a78b39 -- xri65fopcxkdfxhi4tidsg7cad.onion Tor C2, Victim Secret Key 6F2PQ14O2POZ1JB5PSD65HUJP19Y9DU1, SetThreadContext Injection, Wallpaper Ransom Hijack | Critical
TorRansomware PE32+ x64 GCC. xri65fopcxkdfxhi4tidsg7cad.onion Tor C2. Victim key 6F2PQ14O2POZ1JB5PSD65HUJP19Y9DU1. RSA file encryption. SetThreadContext injection. NoChangingWallPaper registry entry.