LANRansomware

Unspecified Delphi-based LAN ransomware. AES-ECB and AES-CTR mode encryption, local network shares scanning and encryption capability. /stealth, /wipeonly command line options. how_to_decrypt.txt ransom note. 11-section PE32+ TLS.

Threat Profile
Type: Ransomware
Programming Language: Delphi
C2 Protocol: TCP/HTTPS
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • File Encryption/Ransomware

C2 Servers (1)

Address       Port   Protocol   Status
tmonitor.pw   443    HTTPS      INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (2)

High

LANRansomware 48877a3a -- Delphi folder-reserved-by-lan-encryptor AES-ECB-CTR dot-encrypted-extension how-to-decrypt-txt stealth-mode wipeonly-flag WSAStartup-network-scan 11-sections-TLS | High

LANRansomware 48877a3a Delphi PE32+ x64 535KB 11-section TLS. LAN network encryptor. AES-ECB+CTR. .-encrypted extension. how_to_decrypt.txt. /stealth /wipeonly modes. WSAStartup network scan.

Critical

LANRansomware 48877a3a -- folder_reserved_by_lan_encryptor LAN Network Encryption, EncryptECB DecryptECB AES ECB Mode, is_stealth cmd_list Stealth Mode Flags, wipeonly Wipe Mode, TMonitor.PW C2 Domain | Critical

LANRansomware 48877a3a PE32+ x64 535KB Delphi. folder_reserved_by_lan_encryptor LAN encryption. EncryptECB DecryptECB AES ECB. is_stealth cmd_list stealth mode. wipeonly wipe mode. TMonitor.PW C2.
