Mass decrypt files with known key #2
Comments
|
Hey, sorry for late response. It already supports decrypting a directory now. Please refers to release v1.2. Isn't Prometheus use different keys (generated by near seeds) to encrypt each file? It currently only supports using one known key to decrypt a directory. Is it necessary to decrypt a directory with a bunch of known keys for each file? |
|
90% encrypted files use one key, other files were blocked from being overwritten by applications, they just changed the name |
|
In the sample we referred to, it encrypted each file with the current tickcount. Thus, the passwords for each file were different, while their generated seeds (tickcount) were near. Here is the sample: https://www.virustotal.com/gui/file/9bf0633f41d2962ba5e2895ece2ef9fa7b546ada311ca30f330f0d261a7fb184/detection Could you please provide the hash of your sample? Maybe it's a variant one. I would like to add its mechanism to the decryptor. By the way, our current version can decrypt a directory with a known key. You should decrypt a file to get the password at first, then using the command below. |
Please add a directory (and disk?) selection for decryption with a known key on cli version for automate decrypt
The text was updated successfully, but these errors were encountered: