Top Tweets for #PrincessEvolution
🚨 FREE PRINCESS EVO EMOTE
Claim it here: https://t.co/Hf4g0qwv2b
Don't miss this free emote! ⏰
#ClashRoyale #PrincessEvolution #Season84 #EmoteGratis

🚨 FREE PRINCESS EVO EMOTE!
Claim it here: https://t.co/Y3cBKcVeJH
Don't miss this free emote! ⏰
#ClashRoyale #PrincessEvolution #Season84 #FreeEmote

Machine Learning With a Little Magic on Top! Learn more about #SentinelOne detection and orchestration engines
https://t.co/uNkyImVOxN
#endpoint #orchestration #rollback #malware #infosec #SentinelOne #MachineLearning #staticAI #ransomware #PrincessEvolution
Machine Learning With a Little Magic on Top! Learn more about #SentinelOne detection and orchestration engines
https://t.co/yuhVN8Utue
#endpoint #orchestration #rollback #malware #infosec #SentinelOne #MachineLearning #staticAI #ransomware #PrincessEvolution
The second data submitted to C&C by #PrincessEvolution #Ransomware
v=16 bytes from CryptGenRandom (only [A-Za-z0-9])
t=f (hardcoded)
f=1 (Not identified)
fin=1 (hardcoded)
#PrincessEvolution #ransomware encrypts the files using #AES128 #CBC mode.
It generates many #ReadFile and #WriteFile for each target file.

After submitting data to its C&C, #PrincessEvolution #Ransomware uses #CryptDeriveKey to generate cryptographic session keys derived from the 22 bytes generated by #CryptGenRandom (only [A-Za-z0-9]{22}).
This ransomware encrypts the files with #AES128.
Submitted data to C&C
Some works on #Ransomware propose a detection method based only on network activities.
This case is not possible for #PrincessEvolution even though it sends this data to C&C before #Encryption.
We can alert the user by a #Snort signature that an encryption will occur.

The submitted data to C&C before encryption and after encryption of #PrincessEvolution #Ransomware
The encryption is only a xor with 123123123123123....

Submitted data by #PrincessEvolution #Ransomware to its C&C.
#CryptGenRandom #GetUserDefaultLCID #GetComputerName

I am trying to identify the submitted content of #PrincessEvolution #Ransomware to its C&C; I am now at the variable 'a'.
Fig-1: after the call it puts a=0 (hardcoded)
Fig-2: the content until 'a'
Fig-3: the variable a from the submitted content of #PrincessLocker
Why this 'a' 🤔

#PrincessEvolution #Ransomware generated 128 bytes like it generated the 22 bytes (#CryptGenRandom, then it chooses [A-Za-z0-9]). These bytes are the value of x (Fig-2). I didn't see x in #PrincessLocker.
After #CryptGenRandom, #PrincessEvolution #Ransomware tries to collect only A-->Z, a-->z and 0-->9 among the 5000 randomly generated bytes. Maybe it tries to make a victim ID.

It fills a buffer with 5000 cryptographically random bytes
#PrincessEvolution
I see #CryptGenRandom in the memory dump of #PrincessEvolution. Some works on #Ransomware propose replacing the random number generator of the OS with a defined generator.
Maybe it works here to predefine the random used.

The #RIG #exploitkit now has a new tool designed to hijack browsing sessions. It's also being used to distribute #princessevolution #ransomware https://t.co/36RSFgZRAU

