Login Register




Gold [Scan Report]: Instagram Free Follower Tool v1.1 filter_list
Author
Message
[Scan Report]: Instagram Free Follower Tool v1.1 #1
i coudn't find the original thread of the application, however, i've downloaded it to manually scan it

this application sends your hardware configuration to an ip (47.254.216.24:8989), checks if it is running in a VM & setups a rat on user login

[Image: w1rH44w.png]

Less important screenshots:
Spoiler:
[Image: EbbXMAb.png]
[Image: XzFIuI6.png]

Code proof:
Spoiler:
Getting Hardware Info:
[Image: 8wpPX7O.png]

Checks if it is running in a VM:
[Image: lYOfyNR.png]
Code:
U3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXERpc2tcRW51bVw= | System\CurrentControlSet\Services\Disk\Enum\
Y21kLmV4ZSAvYyBwaW5nIDAgLW4gMiAmIGRlbCA= | cmd.exe /c ping 0 -n 2 & del

Setups RAT on login:
[Image: ldSeT27.png]

TcpConnection:
[Image: Cge8n0J.png]

i still have the original sample, dm me if you want it (i will not share it on sinister.ly publically, don't want to get banned)


@mothered
(This post was last modified: 06-06-2020, 02:59 PM by miso.)
i like coding & cracking apps
im rly lazy xd

shoppy.gg account
github account

sinister.ly <3

[+] 1 user Likes miso's post
Reply

RE: [Scan Report]: Instagram Free Follower Tool v1.1 #2
Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is this the thread It relates to?

Reply

RE: [Scan Report]: Instagram Free Follower Tool v1.1 #3
(06-06-2020, 04:39 PM)mothered Wrote: Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is this the thread It relates to?
yes indeed,thanks for finding the thread back
i like coding & cracking apps
im rly lazy xd

shoppy.gg account
github account

sinister.ly <3

Reply

RE: [Scan Report]: Instagram Free Follower Tool v1.1 #4
(06-06-2020, 08:39 PM)miso Wrote:
(06-06-2020, 04:39 PM)mothered Wrote: Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is this the thread It relates to?
yes indeed,thanks for finding the thread back
Just wanted to make sure prior to taking action.

I've removed It from the said thread, and action has been taken accordingly against the OP.
Once again, good work with your analytical reports.

[+] 1 user Likes mothered's post
Reply






Users browsing this thread: 1 Guest(s)