RussianDelphiRansomware
Delphi-compiled ransomware targeting Russian-speaking cybercrime. C2: shopping-na-divane.ru and shoptorgvlg.ru (/system/logs/tool/inst.php). Developer/operator email: Johnmen.24@aol.com. Uses FGIntRSA (Delphi RSA library) for key encryption. File encryption markers: {ENCRYPTSTART}/{ENCRYPTENDED}. Pre-2000 timestamp manipulation.
Threat Profile
Type: Ransomware
Programming Language: Delphi
C2 Protocol: HTTP
First Seen: 2024
Targets: Global
Purpose / Capabilities
- File Encryption/Ransomware
No C2 servers have been identified for this family yet.
Research Reports (1)
RussianDelphiRansomware 0442cfab -- shopping-na-divane.ru shoptorgvlg.ru inst.php C2 Plaintext Johnmen.24@aol.com Email IOC FGIntRSA RSA ENCRYPTSTART ENCRYPTENDED Delphi | Critical
Russian Delphi ransomware sample 0442cfab; appends the .Ransomware extension; 379 KB. C2: shopping-na-divane.ru and shoptorgvlg.ru (/inst.php). Email: Johnmen.24@aol.com. Uses FGIntRSA for RSA. File markers: ENCRYPTSTART/ENCRYPTENDED.