General

  • Target

    expressvpn_windows_12.81.0.141_release.exe

  • Size

    90.8MB

  • Sample

    240613-gzlg6s1dkm

  • MD5

    39162a062c2aee60b62a9da97bff9af8

  • SHA1

    9a9d9c1b3fefdc5c239abdd59992229cfb9f07b0

  • SHA256

    5831644fd99e1b6f81de500fd224862fb16590f8fb521c90837bb00bf7e873d7

  • SHA512

    98a0e91767eae031276e3c663ee8db5029ac5a356b9beef52a56246e34993abb1e4a6d5ef121d32ab1465133f9dbd95cce73b9e6c243bfd488bf97bdf9095f4c

  • SSDEEP

    1572864:TDjAciGVsNRJXTUcEJO3jMt0cho88zuOeOwdEcYFxGX347iOOasihDFOjNzaO/8B:XOLhTUQzMPbme33k6347ovuCNeg8

Malware Config

Targets

    • Target

      expressvpn_windows_12.81.0.141_release.exe

    • Adds Run key to start application

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

MITRE ATT&CK Enterprise v15

Tasks