"Hide.me VPN" TROJAN

Malware
, ,
1

[color=#FF00]Link (Dangerous): Download Our Free VPN Client for Windows | hide.me (hidemevpn.tech) [/color]

Registered in Leningradskaya, Russia via Reg.Ru on January 4, 2022 (updated January 9, 2022) - Whois hidemevpn.tech

image
image539×524 42.2 KB

VirusTotal - VirusTotal - File - 336b4e27125f4ea77206b3d50930ffc6d4fac34648d72bdc88662ad1687d3e58

image
image1256×253 25.2 KB

Any.Run - Hide_me_vpn.zip (MD5: 0C1CA64149C67EF361D35ECB490C6D82) - Interactive analysis - ANY.RUN

image
image497×217 19.3 KB

Associated Facebook Account - Deya gaming | Facebook

Associated IP Addresses:
46.8.220.88

image
image858×394 40.3 KB

Program contains several trojans, including AgentTesla, Asprotect, Convagent, SusGen & a variant of the Redline Tracker.

2

Looking into the IP (46.8.220.88) reveals that it is a data center IP - contell.ru to be precise.

Running a port scan on the IP reveals that there are no open ports (unfiltered). Ports 111/tcp, 135/tcp, 136/tcp, 137/tcp, 138/tcp, & 139/tcp are filtered (firewall.)

The server is running Windows (Unable to determine the version but it is most likely Windows 10 - server edition)