Link (Dangerous): Attention! Your IP address is currently exposed. (check-myip.com)
Registered via NameCheap on April 5, 2023 - Whois check-myip.com
Users are asked to install “Radon VPN” at FileToSend (ffile-tosend.com)
VirusTotal - VirusTotal - File - 25c39395c1ccd3f190ee3d19e427edaa1877506332374617fa57aa5d92706ff7
Program contains the Cerbu & Kryptik trojans
I checked and the original link link is still good. I downloaded the file it offered to my Flare VM and found it’s a different file, as the SHA-256 is different than the one shown in your Virustotal link. Gotta get ready for work now, but will take a look at it later and see what I find.
Forgot to include the SHA-256 on the file I got. Here it is:
RadonVpn.exe SHA-256
e42f7887bad946d14ffc4ca5b150315b45aa60bbfc457d88960e0cb1d63d551d
None of the scanners on VT detects this file as anything so far. I’ll work on it more this evening if I have time.
