"The best VPN PC Mobile" TROJAN

Malware
, , , ,
1

[color=#FF00]Link (Dangerous): VPN Special Offer | ExpressVPN (expressedvpn.com)[/color]

Registered by Alex Alex in Albuquerque, New Mexico via Nicenic on May 24, 2022 - Whois expressedvpn.com

image
image547×358 22.8 KB

[color=#FF0000]VirusTotal - VirusTotal - File - 9271f3072c6b45c45e1420479325a1b6dc48dd4c86df6232d854e212ce7199d3[/color]

image
image1196×381 29.5 KB

[color=#FF0000]Any.Run - Expressvpn 5.10.0.zip (MD5: 679C113ECDBD12739ADBE3FA792CF7AC) - Interactive analysis - ANY.RUN[/color]

image
image501×233 17.5 KB

Program is designed to mimic ExpressVPN and contains the Cryptor and Obsidium trojans. All information is logged on a Telegram server.

Associated Facebook Account - Blue Home Property (facebook.com)

Associated IP Addresses:
45.144.30.47

image
image1196×381 29.5 KB

94.130.174.62

image
image1198×397 22.2 KB

2

ip 94.130.174.62 is where all the information gets logged
all information from pc is in zip file then sent via a http post request to the ip
funny that you can also upload any files to them there is no restrictions
took advantage and their telegram must be now filled with useless files

3

@ 11:12 am EST http://94.130.174.62/ is offline, rendering the uploading of a victims information useless!!

4

undefined
undefined920×430 24.3 KB