MortalKombat Ransomware infecting Crypto Wallets – TheCyberThrone

Researchers have been tracking an unidentified threat actor behind a ransomware campaign that uses a variant of the Xorist commodity ransomware MortalKombat, as well as a GO variant of the Laplas Clipper malware.

Once the victim is infected, it displays a Mortal Kombat 11 wallpaper along with a note instructing the victim to contact the attackers using qTox – instant messaging app.

Advertisements

The email claims that the user’s payment has timed out and carries an attachment, which contains the malicious payload in a zipped file with a name that appears to be a CoinPayments transaction number.

A multi-stage attack chain is initiated, during which the actor delivers either malware or ransomware. The ransomware encrypts all files on the infected system, including those in the trash bin and virtual machine files. It corrupts Windows Explorer, deletes folders and files from the start-up menu, and disables the Run Command.

If the attachment drops Laplas Clipper, the victim’s crypto wallet is targeted. The malware monitors the computer’s clipboard for cryptocurrency wallet addresses. If it finds any address, then it sends to the C2 server, and a Clipper bot creates a lookalike address and then replaces the clipboard entry and threat actor attempts to transfer into their own wallet.

The campaign has reportedly been targeting victims in the United States, England, Turkey, and the Philippines.

Advertisements

Until you ensure that the email you received is from a legitimate entity, it is highly advised that you do not click on any attachments. It is recommended to remain vigilant.

This research was documented by researchers from Cisco Talos.

Indicators of Compromise

193.169.255.78
144.76.136.153
clipper.guru
transfer.sh
hack3dlikeapro@proton.me
http://193.169.255.78/fw-apgksdtpx4hoaujjmbvdnxpohz.pdf.zip
http://193.169.255.78/fw-cpgk2xfpx4hoaujjmbvdnxpohz.pdf.zip
9a5a5d50dea40645697fabc8168cc32faf8e71ca77a2ea3f5f73d1b9a57fc7b0
26d870d277e2eca955e51a8ea77d942ebafbbf3cbf29371a04a43cfe1546db17
1bf30c5c51a3533b4f0d7d3d560df691657d62374441d772f563376b55a60818
f02512e7e2950bdf5fa0cd6fa6b097f806e1b0f6a25538d3314c793998484220
63ec10e267a71885089fe6de698d2730c5c7bc6541f40370680b86ab4581a47d
e5f60df786e9da9850b7f01480ebffced3be396618c230fa94b5cbc846723553

Related Stories

Tags: CyberCrime Laplas Clipper Malware Mortal Kombat Ransomware Security

Leave a ReplyCancel reply

%d bloggers like this: