And again we have a new Fake Ann Thread with a Fake Website where you have the Fake Wallet Malware download, this time for True Pepe Coin (TPC)!
Same pattern as it was for the other Fake Websites and Wallet downloads.
Fake Github:
github.com/True-Pepe/Pepe-Core
Fake Website:
https://truepepe.com/
Fake Wallet download on the Website:
https://palegreen-cheetah-217044.hostingersite.com/wp-content/uploads/2024/12/truepepe-qt-windows.zip
The Fake Wallet File has the same shit in it as the others got, shady things!
The sandbox Zenbox flags this file as: MALWARE TROJAN EVADER RAT
Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service APIs
PowerShell Script Run in AppData
Startup Folder File Write
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT Style SSL Cert
(http_inspect) invalid status line
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
StartupProfileData-Interactive
powershell.exe.log
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\RegAsm.exe.log
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tempup.url
C:\Users\user\Documents\20241218\PowerShell_transcript.040965.JDM0d755.20241218190013.txt
Win64:Evo-gen [Trj]
Source :
https://www.virustotal.com/gui/file/11fef0ecf812a7bc626148b8bfaaf36c226e9c37f715815a958413bdccae9ca4/behavior
Account:
TruePepe <--- Please ban or Lock that Account and delete the Thread
The Account was just created yesterday
Fake Ann Thread: [ANN] 🌟 True Pepe Coin (TPC) - Where Memes Meet Majesty! 🌟
As always the Thread is self-moderated
True Pepe Coin (TPC)
[b]Windows Wallet:[/b] https://truepepe.com/#wallets
[b]Linux Wallet:[/b] https://truepepe.com/#wallets
[b]Website:[/b] https://truepepe.com
This post is also a reference for the Github Report!