TorRansomware

C/C++ (GCC MinGW) ransomware that uses the Tor .onion network for command and control. Tor C2: xri65fopcxkdfxhi4tidsg7cad.onion. Victim secret key: 6F2PQ14O2POZ1JB5PSD65HUJP19Y9DU1. File keys are RSA-encrypted. Wallpaper hijack (drops C:\Users\Public\g.jpg and sets the NoChangingWallPaper=1 registry policy). Process injection via SetThreadContext. Obfuscated PE layout with 17 sections.

Threat Profile
Type: Ransomware
Programming Language: C (GCC MinGW)
C2 Protocol: Tor/.onion
First Seen: 2024
Targets: Global
Purpose / Capabilities
  • File Encryption/Ransomware

C2 Servers (1)

Address: xri65fopcxkdfxhi4tidsg7cad.onion
Description: Tor hidden service -- ransomware payment portal
Port: 80
Protocol: custom
Status: INACTIVE

⚠ C2 addresses are shared solely for threat intelligence and defensive purposes. Unauthorized access to these addresses constitutes a criminal offense.

Research Reports (1)

Critical

TorRansomware 67a78b39 -- xri65fopcxkdfxhi4tidsg7cad.onion Tor C2, Victim Secret Key 6F2PQ14O2POZ1JB5PSD65HUJP19Y9DU1, SetThreadContext Injection, Wallpaper Ransom Hijack | Critical

TorRansomware PE32+ x64 GCC. Tor C2: xri65fopcxkdfxhi4tidsg7cad.onion. Victim key: 6F2PQ14O2POZ1JB5PSD65HUJP19Y9DU1. RSA file encryption. SetThreadContext injection. NoChangingWallPaper registry policy.