Pulse Detail — Threat Intelligence

PULSE NAME

Gamers get ready: under the guise of cheats and mods, scammers distribute Trojan.Scavenger for the theft of cryptocurrency and passwords.

WHITE PetrP.73 2025-07-23 Modified: 2025-07-23

IOCs

MEDIUM VOLUME

↓ CSV ↓ JSON

Dr. Web has identified a family of malicious Trojans known as ScaveNger, which are designed to target Windows users to steal sensitive information related to cryptocurrencies and password managers. These Trojans employ the DLL Search Order Hijacking technique to infect systems, using legitimate applications as vectors for deployment. This method involves placing malicious DLLs in locations prioritized by Windows for library searches, ensuring the malicious code is executed as part of the legitimate application. The infection process with Trojan.Scavenger is multi-layered and begins with Trojan loaders, which can arrive on target systems through various means, including pirated software from torrent sites. For instance, Trojan.Scavenger.1 poses as a DLL named umpdc.dll and typically spreads alongside games, such as Oblivion Remastered. Once activated, it retrieves additional malicious modules like Trojan.Scavenger.2 and subsequently Trojan.Scavenger.3 and Trojan.Scavenger.4.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1005 T1027 T1055 T1071.001 T1074 T1105 T1119 T1132 T1204.002

Indicators of Compromise (43)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	083e5042e7e2118b37f09b337071d1f8	MD5 of 3a02aacce9653958e1b11523ec3f618e5e2f11e7	2025-07-23
FileHash-MD5	19acc6fc9bfb0bb1bfb6179fc37ff5b0	MD5 of 60fca6ad18c8574f5234fdd47963d6fb9a6e113e	2025-07-23
FileHash-MD5	1dd86ff47ea589fa748832a007e52645	MD5 of fe612df1ae5fba63ca4eaeb880e9f14b1061636b	2025-07-23
FileHash-MD5	3134c94ffbc5ee53f76e12d88e8d964d	MD5 of a77271854d70ac119552ab830eb266e94cc8b9cc	2025-07-23
FileHash-MD5	4cad308528929a8d20143c8f634cfba8	MD5 of 739d4a37831d94b35b5140e7acdee6e75d3279f1	2025-07-23
FileHash-MD5	53f2dcb0bdfcdcd9ac868e6737ea5d5f	MD5 of dcf9a4a81ec24b8d171fb2c6b5a6f374253748e5	2025-07-23
FileHash-MD5	572fe515ccb3a0068bc641725f8e3ef9	MD5 of 9f5d1dbb2cd31b2af97e14b8781ea035a4869194	2025-07-23
FileHash-MD5	b3157d0334170ec5d4e22db77717a2b9	—	2025-07-23
FileHash-MD5	fb2799e1d76a5897bcc2675e90f22869	MD5 of 96708c84e07d058b5f0012666e565617907add99	2025-07-23
FileHash-SHA1	1a4891f841d32772f7efb90c5523bb8c5259456c	—	2025-07-23
FileHash-SHA1	22ec4510f48059a993eb94b63fe8d0f4c3120808	—	2025-07-23
FileHash-SHA1	3a02aacce9653958e1b11523ec3f618e5e2f11e7	—	2025-07-23
FileHash-SHA1	4ee0b3f20ebd269b57d46a93d8697f69f2d67781	—	2025-07-23
FileHash-SHA1	56ba2e4371e125ded5a52a66c2f77295cff09a0b	—	2025-07-23
FileHash-SHA1	60fca6ad18c8574f5234fdd47963d6fb9a6e113e	—	2025-07-23
FileHash-SHA1	739d4a37831d94b35b5140e7acdee6e75d3279f1	—	2025-07-23
FileHash-SHA1	82462e8a02169b8a4af2dc367f1c7e613e12a52e	—	2025-07-23
FileHash-SHA1	93e0dcc0d4dce8923a8e0a609b30263f2b9a3fb7	—	2025-07-23
FileHash-SHA1	947d983cc91cf9b9b937d53e67c64ecdd7cba208	—	2025-07-23
FileHash-SHA1	96708c84e07d058b5f0012666e565617907add99	—	2025-07-23
FileHash-SHA1	9f5d1dbb2cd31b2af97e14b8781ea035a4869194	—	2025-07-23
FileHash-SHA1	a77271854d70ac119552ab830eb266e94cc8b9cc	—	2025-07-23
FileHash-SHA1	c9525818b9703d8e1bad10384ec0a995181b7808	—	2025-07-23
FileHash-SHA1	d155d3fb9e2fec39bd6e7da6adb43e70948592cc	—	2025-07-23
FileHash-SHA1	daf7bf74dc54b8eb98be2f140c82c4ae1ea1f10e	—	2025-07-23
FileHash-SHA1	dcf9a4a81ec24b8d171fb2c6b5a6f374253748e5	—	2025-07-23
FileHash-SHA1	e2f4652d3d900e40c4af23165d7064e765183a10	—	2025-07-23
FileHash-SHA1	e3b685cd999075f1eb0ac800bcb2274e35d6e196	—	2025-07-23
FileHash-SHA1	ebc12716082f0841a7c889df16fe15e68a1a24b0	—	2025-07-23
FileHash-SHA1	f182e735f256a4a99c88ea738d3fe5009b819c61	—	2025-07-23
FileHash-SHA1	f98984cf0968a6bae42ca1ab00e811f5a414572d	—	2025-07-23
FileHash-SHA1	fe612df1ae5fba63ca4eaeb880e9f14b1061636b	—	2025-07-23
FileHash-SHA256	0254abb7ce025ac844429589e0fec98a84ccefae38e8e9807203438e2f387950	SHA256 of fe612df1ae5fba63ca4eaeb880e9f14b1061636b	2025-07-23
FileHash-SHA256	1aeab6b568c22d11258fb002ff230f439908ec376eb87ed8e24d102252c83a6e	SHA256 of dcf9a4a81ec24b8d171fb2c6b5a6f374253748e5	2025-07-23
FileHash-SHA256	75c0aa897075a7bfa64d8a55be636a6984e2d1a5a05a54f0f01b0eb4653e9c7a	SHA256 of a77271854d70ac119552ab830eb266e94cc8b9cc	2025-07-23
FileHash-SHA256	8c8965147d5b39cad109b578ddb4bfca50b66838779e6d3890eefc4818c79590	SHA256 of 739d4a37831d94b35b5140e7acdee6e75d3279f1	2025-07-23
FileHash-SHA256	988134e2864a0571daa2569ffb385785a559d698b4b6baf558ed22da3c34eb51	SHA256 of 3a02aacce9653958e1b11523ec3f618e5e2f11e7	2025-07-23
FileHash-SHA256	9ec86514d5993782d455a4c9717ec4f06d0dfcd556e8de6cf0f8346b8b8629d4	SHA256 of 96708c84e07d058b5f0012666e565617907add99	2025-07-23
FileHash-SHA256	c3536b736c26cd5464c6f53ce8343d3fe540eb699abd05f496dcd3b8b47c5134	SHA256 of 60fca6ad18c8574f5234fdd47963d6fb9a6e113e	2025-07-23
FileHash-SHA256	dd4c4ee21009701b4a29b9f25634f3eb0f3b7f4cc1f00b98fc55d784815ef35b	SHA256 of 9f5d1dbb2cd31b2af97e14b8781ea035a4869194	2025-07-23
domain	datacrab-analytics.com	—	2025-07-23
domain	datahog.su	—	2025-07-23
domain	datalytica.su	—	2025-07-23

References (1)

↗ https://news.drweb.ru/show/?i=15036&lng=ru&c=5