HOMEFRY

Description

(FireEye) HOMEFRY: a 64-bit Windows password dumper/cracker that has previously been used in conjunction with AIRBREAK and BADFLICK backdoors. Some strings are obfuscated with XOR x56. The malware accepts up to two arguments at the command line: one to display cleartext credentials for each login session, and a second to display cleartext credentials, NTLM hashes, and malware version for each login session.

Names

Name
HOMEFRY

Type

Credential stealer

Information

https://www.fireeye.com/blog/threat-research/2018/03/suspected-chinese-espionage-group-targeting-maritime-and-engineering-industries.html

Mitre Attack

https://attack.mitre.org/software/S0232/

Malpedia

https://malpedia.caad.fkie.fraunhofer.de/details/win.homefry

Alienvault Otx

https://otx.alienvault.com/browse/pulses?q=tag:HOMEFRY

Other Information

Uuid

422daad9-87c7-42e2-84a4-e634f311d1ba

Last Card Change

2020-04-23

Threat Intelligence Garden

Explorer

HOMEFRY

HOMEFRY

Description

Names

Category

Type

Information

Mitre Attack

Malpedia

Alienvault Otx

Other Information

Uuid

Last Card Change

Graph View

Table of Contents

Backlinks