Pay2Key Ransomware Sample Download

Posted Under: Download Free Malware Samples, Malware, Ransomware, Windows on Nov 13, 2020
Pay2Key ransomware appears to target businesses in Brazil and Israel. It looks for open RDP ports and spreads swiftly through an entire network within one hour. Files are encrypted with a hybrid of symmetric and asymmetric cryptography, using the AES and RSA algorithms. The C&C server generates and transmits an RSA public key at run time. This means that Pay2Key does not encrypt offline: if there is no internet connection or the C&C is not available, encryption will not happen. RC4 is used for some cryptographic functions (not for encrypting files). The authors of Pay2Key used a third-party implementation (via the Windows API). The Network ID from the note (GUID format) is stored as ASCII at the beginning of the file, followed by some metadata as [WORD length] [data], including the original filename.

Pay2Key Ransom Note

After completing the infection phase, victims received a customized ransom note demanding 7-9 bitcoins (~$110K-$140K). The extension .pay2key is added to the encrypted files.
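For incident response, the header layout and the .pay2key extension described above can be used to group encrypted files by Network ID and to flag files whose header does not parse. The following is an added example, not code from the original page or from any vendor tool. It assumes that "the file" means the encrypted file, that the GUID is a bare 36-character string, that WORD is a little-endian 16-bit length, and that the analyst supplies the number of metadata records after checking their own samples; all function names and sample data are hypothetical.

```python
import re
import struct

# Assumption: the Network ID is a bare 36-character GUID (no braces, no terminator).
GUID_RE = re.compile(rb"[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}")
GUID_LEN = 36

def parse_header(blob, record_count):
    """Return (network_id, records, payload_offset), or None if the layout does not match."""
    if GUID_RE.fullmatch(blob[:GUID_LEN]) is None:
        return None
    network_id = blob[:GUID_LEN].decode("ascii").lower()
    records, off = [], GUID_LEN
    for _ in range(record_count):
        if off + 2 > len(blob):
            return None  # truncated before a length field
        (length,) = struct.unpack_from("<H", blob, off)  # WORD: 16-bit, assumed little-endian
        off += 2
        if off + length > len(blob):
            return None  # declared length runs past the end of the file
        records.append(blob[off:off + length])
        off += length
    return network_id, records, off

def triage(files, record_count):
    """Group {path: bytes} by Network ID; list .pay2key files whose header does not parse."""
    by_network, unparsed = {}, []
    for path, blob in sorted(files.items()):
        parsed = parse_header(blob, record_count)
        if parsed is not None:
            by_network.setdefault(parsed[0], []).append((path, parsed[1]))
        elif path.lower().endswith(".pay2key"):
            unparsed.append(path)
    return by_network, unparsed

def _record(data):
    return struct.pack("<H", len(data)) + data

# Constructed sample data: the GUID, field order and UTF-16LE filename are made up for the demo.
SAMPLE_ID = b"0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0"
SAMPLE_FILES = {
    "share/q3.xlsx.pay2key": SAMPLE_ID + _record("q3.xlsx".encode("utf-16-le")) + _record(b"\x01\x02") + b"\xaa" * 32,
    "share/cut.docx.pay2key": SAMPLE_ID + b"\xff\xff" + b"\x00" * 8,
    "share/readme.txt": b"plain text file, never encrypted",
}

if __name__ == "__main__":
    print(triage(SAMPLE_FILES, record_count=2))
```

Files listed as unparsed carry the extension but fail the length checks, which usually means a truncated copy or a wrong record count, so they are worth examining by hand.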

Pay2Key Ransomware Signatures

Family: Ransom:Win32/FileCryptor!MTB
MD5: f3076add8669d1c33cd78b6879e694de
SHA256: 5bae961fec67565fb88c8bcd3841b7090566d8fc12ccb70436b5269456e55c00

Pay2Key Ransomware Download

Download Pay2Key Ransomware Sample