Last year ransomware scammed more than 10 billion dollars from various organizations and users. In this document we examine the methods in use, from the seller to the end client.
This report was made by Hadess, and its data comes from various sources such as the dark web, deep web forums, sellers and websites.
Summary of Findings
Abbrev.
Wallet Drainer
Methods of scamming to earn crypto, such as a honeypot smart contract on the BSC network, a fake NFT mint page, or a MetaMask drainer page.
Auto transfer
A phishing system that can transfer crypto from the victim's wallet to the attacker's wallets; for example, the Coinbase Auto Transfer System phishing kit can transfer your Coinbase crypto to another wallet.
Crypto base
Mixed mail/pass combinations for exchange accounts, which can be used in auto-transfer to withdraw without any limit.
Mixed log
Large sets of logs that include personal information, files, wallet addresses, wallet private/seed keys, and more.
Fake transaction
A scam crypto transfer that appears confirmed at one of the confirmation stages and is rolled back after 12 hours to 2 weeks.
Private/Seed Key Reverse
Methods for reversing a wallet address and auto-transferring with the private key or seed key.
RAMP
Forums about ransomware as a service (RaaS).
Tools
Fake Transaction Generator
This tool generates fake Bitcoin transactions that remain visible for 7 to 28 days, depending on the blockchain network and license type.
Price: £499.99 to £4,999.99
Wallet drainer
MetaMask drainer page – price: $4,000
Fake NFT mint page – price: $2,000
Wallet drainer
Honeypot smart contract on the BSC network – price: $500
Nocryi Logs
Complete informative logs: cookies, authentications, sessions, victim information (hardware), Discord tokens, autocomplete and much more.
BradMax Logs
Complete informative logs: cookies, authentications, sessions, victim information (hardware), Discord tokens, autocomplete and much more.
Baron Cloud Logs
Complete informative logs: cookies, authentications, sessions, victim information (hardware), Discord tokens, autocomplete and much more.
Fate Cloud Logs
Complete informative logs: cookies, authentications, sessions, victim information (hardware), Discord tokens, autocomplete and much more.
Log Checker
Automatically searches for keywords in the mail access of Yahoo/Gmail accounts.
Services cookie checker: YouTube, Netflix, Gmail, Instagram, Facebook, Yahoo, Steam, Coinbase, Amazon, Binance
All services come with captures such as balance, items, and so on.
Wallet_dat_net
Buy a Bitcoin Core wallet.dat file with a lost or forgotten password.
Magnus Ransomware
Magnus Ransomware is a sophisticated ransomware which can bypass any antivirus such as Malwarebytes, Avast, Bitdefender, etc. Even if it is detected, nothing happens, because it disables any antivirus or program, so it is very difficult not to get hacked.
Step 1 - Disable AV
Step 2 - Disable startup apps
Step 3 - Encrypt all types of files, such as:
".txt", ".jar", ".dat", ".contact", ".settings", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".odt", ".jpg", ".mka", ".mhtml", ".oqy"
Step 4 - Create a Readme.txt file which gives the victim all the steps to decrypt the files
Step 5 - If the victim pays, the attacker sends the decryption software
Step 6 - Enjoy the money 🙂
Venom RAT
Venom RAT + HVNC: remote desktop, online/offline logger, password recovery, clone profile, download-and-execute with 3 methods (memory, disk, URL)
Redline
Collects from browsers (logins and passwords, cookies, autocomplete fields, credit cards); collects data from FTP clients and IM clients; customizable file grabber according to the criteria path, extension and search in subfolders (can be configured for the desired cold wallets, Steam, etc.); create/edit tasks:
a) Download – download a file via a direct link to the specified path
b) RunPE – inject a 32-bit file downloaded from a direct link into another file that you specify
c) DownloadAndEx – download a file via a direct link to the specified path and then launch it
d) OpenLink – open a link in the default browser
Raccoon
Collection of Steam files; collection of Telegram Desktop data, passwords, cookies and autofill; file grabber with very fine tuning and support for shortcuts; the loader supports .EXE / .DLL / .BAT files as well as running commands (CMD) and PowerShell; almost all existing cryptocurrency desktop wallets; recursive collection of Core wallets (.dat); panel in the *.onion zone