+- 0Day Forums (https://0day.red)
+-- Forum: Hacking & Exploits (https://0day.red/Forum-Hacking-Exploits)
+--- Forum: Antivirus & Protected (https://0day.red/Forum-Antivirus-Protected)
+--- Thread: [Scan Report]: Instagram Free Follower Tool v1.1 (/Thread-Scan-Report-Instagram-Free-Follower-Tool-v1-1)
[Scan Report]: Instagram Free Follower Tool v1.1 - necrophobia130 - 06-06-2020
i coudn't find the original thread of the application, however, i've downloaded it to manually scan it
this application sends your hardware configuration to an ip (47.254.216.24:8989), checks if it is running in a VM & setups a rat on user login
![[Image: w1rH44w.png]](https://i.imgur.com/w1rH44w.png)
Less important screenshots:
Hidden Content
Setups RAT on login:
![[Image: ldSeT27.png]](https://i.imgur.com/ldSeT27.png)
TcpConnection:
![[Image: Cge8n0J.png]](https://i.imgur.com/Cge8n0J.png)
i still have the original sample, dm me if you want it (i will not share it on 0day.red publically, don't want to get banned)
here is some tools i've made to decrypt some things, like the resources & strings
@mothered[/hide][To see links please register here]
[To see links please register here]
[To see links please register here]
[To see links please register here]
[/hide]
RE: [Scan Report]: Instagram Free Follower Tool v1.1 - arthrectomy738338 - 06-06-2020
Excellent analysis Indeed.
Evidently, the file Is Infected with malicious Intent. Is
[To see links please register here]
the thread It relates to?RE: [Scan Report]: Instagram Free Follower Tool v1.1 - stepladder27965 - 06-06-2020
Quote:(06-06-2020, 04:39 PM)mothered Wrote:yes indeed,thanks for finding the thread back[To see links please register here]
Excellent analysis Indeed.
Evidently, the file Is Infected with malicious Intent. Is[To see links please register here]
the thread It relates to?
RE: [Scan Report]: Instagram Free Follower Tool v1.1 - taiwanati - 06-07-2020
Quote:(06-06-2020, 08:39 PM)miso Wrote:Just wanted to make sure prior to taking action.[To see links please register here]
Quote: (06-06-2020, 04:39 PM)mothered Wrote:yes indeed,thanks for finding the thread back[To see links please register here]
Excellent analysis Indeed.
Evidently, the file Is Infected with malicious Intent. Is[To see links please register here]
the thread It relates to?
I've removed It from the said thread, and action has been taken accordingly against the OP.
Once again, good work with your analytical reports.