General
-
Target
expressvpn_windows_12.55.0.27_release.exe
-
Size
64.3MB
-
Sample
230814-pxr6yaea5t
-
MD5
01ea6bbb71d93bb90ff3eabddf487bd0
-
SHA1
251cddc2dfebc6adca191ba2f11fff3a4fef8746
-
SHA256
8644aab58a88f3490f6a1989b679d2e8a74309b8909d6fb4168470bc7023d0bc
-
SHA512
fbaaf23bd4cc2bd238c0b4f6634e70e769ae30e2ce8ff67d34898a1fc24da264b4cc5afbd5f740970d5614c5e9d7407a7e6009f4e3728de9db19bf4af0ad9be6
-
SSDEEP
1572864:Mo5GmwXDfmCP+zj1iXKDPn7XtJ+wK894oNHi/DmwSYJcuHnHJWLV:d0DeZhNDLtJi894YZgHa
Static task
static1
Behavioral task
behavioral1
Sample
expressvpn_windows_12.55.0.27_release.exe
Resource
win10v2004-20230703-en
Malware Config
Targets
Target
expressvpn_windows_12.55.0.27_release.exe
Score
10/10
-
RevengeRat Executable
-
Blocklisted process makes network request
-
Downloads MZ/PE file
-
Adds Run key to start application
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-