And again he has a fake ANN thread with a fake website link where you can download a malware wallet file, this time for Slimo!

Fake webpage:
https://slimocore.com
Fake GitHub:
github.com/SlimoCore/Slimo
Fake wallet download on the webpage:
https://dodgerblue-grasshopper-619575.hostingersite.com/wp-content/uploads/2024/12/slimo-qt-windows.zip
And again, if you download that wallet file, install it and start it, a lot of things will happen:
Files that will be dropped:
StartupProfileData-Interactive
powershell.exe.log
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RegAsm.exe.log
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tempup.url
:\Users\user\Documents\20241210\PowerShell_transcript.405464.2SddcTIx.20241210003155.txt
On top of that it's again full of malware and trojan shit:
Zenbox flags this file as: MALWARE TROJAN EVADER RAT
Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service APIs
PowerShell Script Run in AppData
Startup Folder File Write
Dynamic .NET Compilation Via Csc.EXE
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup
Win64:Evo-gen [Trj]
Source :
https://www.virustotal.com/gui/file/93c17b482bf0bf274580744e57b27c70ffbbe1d14bb0c312e66f62e99ffa7c60/behavior
Account:
Aingmangel <--- Please ban or lock that account and delete the thread
This user recently woke up from a long period of inactivity.
This account is registered since October 04, 2021, hacked or sold account
Fake ANN thread: [ANN] Slimo - Let's get slimy together!
Slimo
https://github.com/SlimoCore/Slimo
https://slimocore.com
https://slimocore.com/#wallets
This post is also a reference for the GitHub report!