[Scan Report]: Instagram Free Follower Tool v1.1

i coudn't find the original thread of the application, however, i've downloaded it to manually scan it

this application sends your hardware configuration to an ip (47.254.216.24:8989), checks if it is running in a VM & setups a rat on user login

Less important screenshots:

Hidden Content

You must

[To see links please register here]

or

[To see links please register here]

to view this content.

Setups RAT on login:


TcpConnection:

i still have the original sample, dm me if you want it (i will not share it on 0day.red publically, don't want to get banned)

here is some tools i've made to decrypt some things, like the resources & strings

[To see links please register here]

[To see links please register here]

[To see links please register here]

[To see links please register here]

@mothered[/hide]
[/hide]

Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is

[To see links please register here]

the thread It relates to?

(06-06-2020, 04:39 PM)mothered Wrote:

[To see links please register here]

Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is

[To see links please register here]

the thread It relates to?

yes indeed,thanks for finding the thread back

(06-06-2020, 08:39 PM)miso Wrote:

[To see links please register here]

(06-06-2020, 04:39 PM)mothered Wrote:

[To see links please register here]

Excellent analysis Indeed.

Evidently, the file Is Infected with malicious Intent. Is

[To see links please register here]

the thread It relates to?

yes indeed,thanks for finding the thread back

Just wanted to make sure prior to taking action.

I've removed It from the said thread, and action has been taken accordingly against the OP.
Once again, good work with your analytical reports.