Sinisterly
Gold [Scan Report]: Instagram Free Follower Tool v1.1 - Printable Version




[Scan Report]: Instagram Free Follower Tool v1.1 - miso - 06-06-2020

I couldn't find the original thread of the application; however, I've downloaded it to manually scan it.

This application sends your hardware configuration to an IP (47.254.216.24:8989), checks if it is running in a VM & sets up a RAT on user login.

[Image: w1rH44w.png]

Less important screenshots:
Spoiler:
[Image: EbbXMAb.png]
[Image: XzFIuI6.png]

Code proof:
Spoiler:
Getting Hardware Info:
[Image: 8wpPX7O.png]

Checks if it is running in a VM:
[Image: lYOfyNR.png]
Code:
U3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXERpc2tcRW51bVw= | System\CurrentControlSet\Services\Disk\Enum\
Y21kLmV4ZSAvYyBwaW5nIDAgLW4gMiAmIGRlbCA= | cmd.exe /c ping 0 -n 2 & del

Sets up RAT on login:
[Image: ldSeT27.png]

TcpConnection:
[Image: Cge8n0J.png]

I still have the original sample, DM me if you want it (I will not share it on sinister.ly publicly, don't want to get banned).


@mothered
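Added example, not part of miso's post or the thread: a small triage helper that finds base64-encoded strings in a file's bytes, decodes them, and tags the two decoded strings quoted in the report. The function names, the behaviour labels, the decoy run and the sample buffer are constructed for illustration; the two base64 values are the ones shown in the post.

```python
import base64
import binascii
import re

# Runs of base64 alphabet (16+ chars) with optional padding, as contiguous ASCII.
# Strings stored as UTF-16 in a binary will not match this pattern.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")

# Lower-cased substrings of decoded text -> label. The substrings come from the
# two strings in the post; the labels are this example's reading of them.
INDICATORS = {
    "services\\disk\\enum": "VM check: reads the disk enumeration registry key",
    "ping 0 -n 2 & del": "delayed file delete through cmd.exe",
}

def decode_candidates(blob: bytes):
    """Yield (offset, text) for base64 runs that decode to printable ASCII."""
    for m in B64_RUN.finditer(blob):
        run = m.group()
        if len(run) % 4:          # not a whole number of base64 quanta
            continue
        try:
            raw = base64.b64decode(run, validate=True)
        except (binascii.Error, ValueError):
            continue
        if raw and all(32 <= b < 127 for b in raw):
            yield m.start(), raw.decode("ascii")

def triage(blob: bytes):
    """Return [(offset, decoded_text, [labels])] for every decodable run."""
    findings = []
    for offset, text in decode_candidates(blob):
        low = text.lower()
        labels = [label for needle, label in INDICATORS.items() if needle in low]
        findings.append((offset, text, labels))
    return findings

# Constructed buffer: the two encoded strings from the post plus a decoy run
# that decodes to non-printable bytes and must be ignored.
SAMPLE = (b"\x00\x01"
          + b"U3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXERpc2tcRW51bVw=" + b"\x00"
          + b"Y21kLmV4ZSAvYyBwaW5nIDAgLW4gMiAmIGRlbCA=" + b"\x00"
          + b"AAAAAAAAAAAAAAAA" + b"\x00")

if __name__ == "__main__":
    for offset, text, labels in triage(SAMPLE):
        print(f"{offset:#06x}  {text!r}  {labels}")
```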


RE: [Scan Report]: Instagram Free Follower Tool v1.1 - mothered - 06-06-2020

Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is this the thread It relates to?


RE: [Scan Report]: Instagram Free Follower Tool v1.1 - miso - 06-06-2020

(06-06-2020, 04:39 PM)mothered Wrote: Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is this the thread It relates to?
Yes indeed, thanks for finding the thread back.


RE: [Scan Report]: Instagram Free Follower Tool v1.1 - mothered - 06-07-2020

(06-06-2020, 08:39 PM)miso Wrote:
(06-06-2020, 04:39 PM)mothered Wrote: Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is this the thread It relates to?
Yes indeed, thanks for finding the thread back.
Just wanted to make sure prior to taking action.

I've removed It from the said thread, and action has been taken accordingly against the OP.
Once again, good work with your analytical reports.