From malware.news
Executive Summary
- Analysis of the Bitcoin payment address used by the Ragnarok ransomware
- Ragnarok transfers the bitcoin to renBTC, performs a coin swap, and finally withdraws to the Binance and Huobi exchanges
- Confirmed 5 Bitcoin addresses used by the Ragnarok ransomware to send renBTC and 2 Ethereum addresses used for the coin swap
Detailed analysis
1. Abstract
- The Ragnarok ransomware operators negotiate with victims via email
- Payment address confirmed through the email contact given in the ransom note (2021-07-28)
- Payment address: 1HQeCCR7Vhfm6PWEhWj3NuYcSNVuLDRb24
- Price: 2.8 BTC
- Contact mail: christian1986@tutanota.com