Working with crypto-wallet | Electrum, Exodus

Carding

ELECTRUM

With Electrum everything is simple, you install the Electrum client from the official site: https://electrum.org/#download
After installing, run it.

In the 'Wallet' field you specify the path to your cold wallet, I'll take my path as an example:

Go to the folder Wallet (Folder may change its name depending on your stealer, mostly the folder is called Wallet, Crypto, Coins).

After selecting the file, a new 'Password' item will pop up in the Electrum window.

At this point, you must pick the password from your log.

After successful matching you will see in the marked places transactions of this wallet, and below the balance.

I think you can withdraw these funds without me using the tab 'Send'. I think intuitively you can do it yourself.

EXODUS

With Exodus it is just as simple: install the Exodus client from the official site: https://www.exodus.com/download/

Then press on your keyboard 'WIN + R', then type in %AppData%.

Then look for the folder 'Exodus' and go to it.

We only interact with the exodus.wallet folder and in exceptions with the lower files (exception: the stealer stole the lower files too (this happens with some stealers)). With Exodus it's easier, sometimes the passphrase is also stored on the victim's computer, and then we don't need to guess the password.

Copy and paste these log files into %AppData%/Exodus/exodus.

After launching Exodus.

I think next intuitively figure out how to withdraw funds, everything is simple and easy.

That's all!
 

Lord777


Processing of crypto wallets in the botnet logs by the example of EXODUS


Where do I get logs with crypto?
Most often, such logs cannot be found in the log stores, because ALL stores check cold wallets. ALL of them without exception. So, the only option is to take traffic by yourself.

How do I know that there is crypto in the log?
Very simple, if the crypto is located on the cold wallet, the conditional Racoon and Redline will create in the log file directory like this:

The name can be anything, but the essence is always the same.

The interior of the log with crypto
This folder usually contains wallets and their names:

Always they are different, examples: "electrum, atomic, Dogecoin, Bitcoin, etc.", to all approach + - the same, and now I will tell you about it at the level of EXODUS (the most problematic wallet, the most harmful, but often the most recoupable).

Files
Using EXODUS as an example, let's take a look at his files:

There is no need to go into the essence, let's just focus a little bit on the EXODUS program.

EXODUS itself builds missing files based on the information it has in the directory, but there is this same additional information, but it does not add up, the wallet does not start. I think I described clearly. In simple terms, the less files you load and the less you leave from the past USERAGENT, the more chances that EXODUS will let you in.

Getting in.
Like all wallets, EXODUS stores its data in the %appdata% directory (Type it into a windup search).

Here it is, let's open it!

When you install, there will be a lot of files

We simply delete them all and put our exodus.wallet folder from the log into a directory.

Start EXODUS

Now let's start it up. The account is invalid. How do I know? If you are logged in for 1 day -> invalid.

Great, but the wallet is password-protected, so what do we do?

Let's go back to our log

Go into FileGrabber and look for the password (50% of holders store passwords in textboxes)

Otherwise we just try to find the password from "Passwords". Another option is to restore the wallet by finding the 12-word passphrase

It is also worth looking for it in "FileGrabber". After, if a successful entry - withdraw the money!
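
For defenders, both posts rest on the same precondition: a process other than the wallet client reads the wallet directory under %AppData%. The following added example (not part of either post) flags such reads in file-access audit events, for instance object-access auditing on those directories; the event field names, the allowlisted image names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Wallet data directories under a user's roaming %AppData%, lower-cased.
# The Exodus path is the one named in the thread; the Electrum path is that
# client's default on Windows. Allowed image names are assumptions.
WALLET_DIRS = {
    r"\appdata\roaming\exodus\exodus.wallet": re.compile(r"exodus\.exe"),
    r"\appdata\roaming\electrum\wallets": re.compile(r"electrum.*\.exe"),
}

def wallet_dir_for(target):
    """Return the protected directory a file path falls under, or None."""
    norm = ntpath.normpath(target).lower()
    for suffix in WALLET_DIRS:
        idx = norm.find(suffix)
        # Accept only a match that ends on a path-component boundary.
        if idx != -1 and norm[idx + len(suffix):][:1] in ("", "\\"):
            return suffix
    return None

def flag_wallet_access(events):
    """Return (user, image, target) for reads by non-wallet processes."""
    alerts = []
    for ev in events:
        wdir = wallet_dir_for(ev["target"])
        if wdir is None:
            continue
        image = ntpath.basename(ev["image"]).lower()
        if not WALLET_DIRS[wdir].fullmatch(image):
            alerts.append((ev["user"], ev["image"], ev["target"]))
    return alerts

# Constructed sample events (hypothetical normalized audit records).
SAMPLE_EVENTS = [
    {"user": "alice", "image": r"C:\Users\alice\AppData\Local\exodus\app-1.0.0\Exodus.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"user": "alice", "image": r"C:\Users\alice\AppData\Local\Temp\setup_x.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Exodus\exodus.wallet\seed.seco"},
    {"user": "alice", "image": r"C:\Users\alice\AppData\Local\Temp\setup_x.exe",
     "target": r"C:\Users\alice\AppData\Roaming\Electrum\wallets\default_wallet"},
    {"user": "alice", "image": r"C:\Windows\explorer.exe",
     "target": r"C:\Users\alice\Documents\notes.txt"},
]

if __name__ == "__main__":
    for alert in flag_wallet_access(SAMPLE_EVENTS):
        print("ALERT non-wallet process read wallet data:", alert)
```

Matching on the image name alone is weak; in production, pin the allowlist to the full install path or the binary's signer.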
 