Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

Instagram ....1.exe

windows11-21h2-x64

10

Instagram ...gn.dll

windows11-21h2-x64

1

Instagram ...ts.dll

windows11-21h2-x64

1

Instagram ...rk.dll

windows11-21h2-x64

1

Instagram ...ip.dll

windows11-21h2-x64

1

Instagram ...CE.zip

windows11-21h2-x64

1

Instagram ...er.exe

windows11-21h2-x64

8

Instagram ...gn.dll

windows11-21h2-x64

1

Instagram ...ts.dll

windows11-21h2-x64

1

Instagram ...rk.dll

windows11-21h2-x64

1

Instagram ...et.dll

windows11-21h2-x64

1

Instagram ...ml.exe

windows11-21h2-x64

10

Instagram ...op.ini

windows11-21h2-x64

3

Instagram ...an.txt

windows11-21h2-x64

3

Instagram ...et.dll

windows11-21h2-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Instagram Account Checker By Amir v0.1.rar

  • Size

    1.3MB

  • Sample

    250130-wkrg7szrfm

  • MD5

    a881a88cc642bac36123ee7ab3ce377d

  • SHA1

    d9a33f01390f6a86eebab66201db22b1d4e92684

  • SHA256

    418d91aa65e3ab38c3c95015d986684ee9c7bcb326f186ad0fba5c12dc77e8bc

  • SHA512

    852be83f0a19f368d7e0051fc4663ecfc5f1ae5fddbeca31027ce8eafe4acdd7808f9b3203d8a78c0c3b6b485231e07fef1ea0386f1b5bded4444d1d556bb9bb

  • SSDEEP

    24576:Gp7XinQiXwC6KsZ+RMwuMzp/o1ZybvIk05+He1FSb4pGXsZ2+GE+oTd/N:u7IdXwkHR1uM9Q3IvIB5+He1FSb4C22G

Score
10/10
neshtadiscoveryexecutionpersistencespywarestealer

Malware Config

Targets

    • Target

      Instagram Account Checker By Amir v0.1/Instagram Account Checker By Amir v0.1.exe

    • Size

      214KB

    • MD5

      061683b79c9c654a8eb5e81c3b1f4de0

    • SHA1

      02cebcbebe06905fc80f1a459a673b8317ebeb80

    • SHA256

      19a099135d5248a219e7b13b74b6a608de4db082638dc566d012153406f86c3d

    • SHA512

      080d5a29e722dc3e020a7582c592d36f4ccb64b97008df24d5c89b93a2ab4afb3295cf5ec0826ec78c7ef85e5a3d6927038f99a5fcb328b487d216573a42193d

    • SSDEEP

      3072:74l6udi2LxmIx72Q78LaN09doHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHHT:766uDtZxj71edik0vNdxNtCcCz

    Score
    10/10
    neshtadiscoveryexecutionpersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Neshta family

      neshta

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Executes dropped EXE

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence
    behavioral1

    • Target

      Instagram Account Checker By Amir v0.1/MetroFramework.Design.dll

    • Size

      16KB

    • MD5

      ab4c3529694fc8d2427434825f71b2b8

    • SHA1

      7be378e382e43eae84f1567b3570bca9a67e7697

    • SHA256

      0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65

    • SHA512

      02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5

    • SSDEEP

      384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr

    Score
    1/10
    behavioral2

    • Target

      Instagram Account Checker By Amir v0.1/MetroFramework.Fonts.dll

    • Size

      656KB

    • MD5

      65ef4b23060128743cef937a43b82aa3

    • SHA1

      cc72536b84384ec8479b9734b947dce885ef5d31

    • SHA256

      c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26

    • SHA512

      d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7

    • SSDEEP

      12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw

    Score
    1/10
    behavioral3

    • Target

      Instagram Account Checker By Amir v0.1/MetroFramework.dll

    • Size

      345KB

    • MD5

      34ea7f7d66563f724318e322ff08f4db

    • SHA1

      d0aa8038a92eb43def2fffbbf4114b02636117c5

    • SHA256

      c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

    • SHA512

      dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

    • SSDEEP

      6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj

    Score
    1/10
    behavioral4

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/Ionic.Zip.dll

    • Size

      480KB

    • MD5

      f6933bf7cee0fd6c80cdf207ff15a523

    • SHA1

      039eeb1169e1defe387c7d4ca4021bce9d11786d

    • SHA256

      17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89

    • SHA512

      88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6

    • SSDEEP

      6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9

    Score
    1/10
    behavioral5

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/LICENCE.dat

    • Size

      68KB

    • MD5

      8c75cd4d284ce9babef8db2e69b6923a

    • SHA1

      cf2a3800e62d5e8144f1d525927fbd2c94a7a55c

    • SHA256

      613bbfa0f4e7548fb835898a950f4d1fe104a16ac7ad49e459ffaa85d95a53b6

    • SHA512

      46eb3c8e9c71fc8b33ee3ac79ef4ef28d513ef9d120b32f14a2eb05de317ec7361a5efd7b814dfe1fbdac32a4ae6c7126c03ee9fe3d91589e7913548d798b569

    • SSDEEP

      1536:9MJlzEuhCLGBOzfpm7slhUKegH+jeW0mtpITf2+qpXj:9MJlwuhHsBegTjYpIz2+wXj

    Score
    1/10
    behavioral6

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    8/10
    discoveryexecutionpersistence

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

      persistence
    behavioral7

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/MetroFramework.Design.dll

    • Size

      16KB

    • MD5

      ab4c3529694fc8d2427434825f71b2b8

    • SHA1

      7be378e382e43eae84f1567b3570bca9a67e7697

    • SHA256

      0a4a96082e25767e4697033649b16c76a652e120757a2cecab8092ad0d716b65

    • SHA512

      02d7935f68c30457da79ad7b039b22caed11d8aedfec7c96619ac6da59ceb7c5e7a758dced64ec02d31c37a2befccdc8eb59be9e2dc849aa2bc22fabb5fa00a5

    • SSDEEP

      384:HYAB8KPALBamLG3gckiBTVU6sgFf5L7WTOYKpKG4rw:HyLBamS3gckiBTVkgiVXr

    Score
    1/10
    behavioral8

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/MetroFramework.Fonts.dll

    • Size

      656KB

    • MD5

      65ef4b23060128743cef937a43b82aa3

    • SHA1

      cc72536b84384ec8479b9734b947dce885ef5d31

    • SHA256

      c843869aaca5135c2d47296985f35c71ca8af4431288d04d481c4e46cc93ee26

    • SHA512

      d06690f9aac0c6500aed387f692b3305dfc0708b08fc2f27eaa44b108908ccd8267b07f8fb8608eef5c803039caeabf8f88a18b7e5b1d850f32bbb72bcd3b0b7

    • SSDEEP

      12288:O+/9JcJlYqCNktA+SXfGpq2fHowSqCNktA+SXfvJR9FrIJJaqCNktA+SXfUC:O+/3qlrCNoh+UqgIwhCNoh+JR9FrIJJw

    Score
    1/10
    behavioral9

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/MetroFramework.dll

    • Size

      345KB

    • MD5

      34ea7f7d66563f724318e322ff08f4db

    • SHA1

      d0aa8038a92eb43def2fffbbf4114b02636117c5

    • SHA256

      c2c12d31b4844e29de31594fc9632a372a553631de0a0a04c8af91668e37cf49

    • SHA512

      dceb1f9435b9479f6aea9b0644ba8c46338a7f458c313822a9d9b3266d79af395b9b2797ed3217c7048db8b22955ec6fe8b0b1778077fa1de587123ad9e6b148

    • SSDEEP

      6144:M4S7k5hdCpU4YqfkUGz6KpQQZQHDXjNCdOZgLdL5DXBK:M4S7k5hdCEQHP1Zgj

    Score
    1/10
    behavioral10

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/xNet.dll

    • Size

      99KB

    • MD5

      bf1f76644bddd20339548ebacf7a48eb

    • SHA1

      38114702114105eb3df3f74bf4c68ef7db436f47

    • SHA256

      5d9c2b1822bcaa71ddeaa5426d4312d8e174766ae8864c7add29d7f44cea87f2

    • SHA512

      76132c9e29a0a3054cd41c56d5184951d392a2abd1995e14b34c40f14b154914a6990c107e7fcf4139344759ae6048e9ecf0bdaf0447c1cd589dfacbf901b7c5

    • SSDEEP

      3072:sCMhzHWHfyqxjqCgRGAQIO7ScwpY3wisz0YsXhqnV+xnEd4:sCM52n4RSVPwIhqnV+xnEd

    Score
    1/10
    behavioral11

    • Target

      Instagram Account Checker By Amir v0.1/SHELL/xml.exe

    • Size

      285KB

    • MD5

      0a77cfe1308dbf869c62560a80a1ab57

    • SHA1

      8f8fad37cb455d79477ea63b9e33ae364327ced8

    • SHA256

      322bc1db23aa000b478e488cb7683c67f98b60a2a92683e331964b6505b452a8

    • SHA512

      e76ce13f0a5bb4452cde9f9210e632a0a9836c57b8374ebe82820a518ea6639b87c8a1b4dea39b872535d514b66281faa55d7ecf017237cb1a98256d7cb7b598

    • SSDEEP

      6144:k905WxvstaVsHDeVDZQ17B99b2Q1F8yVjXhAEv/Br5Y:D5ZtaVq89g7PFj1F8yVjXhAEv/nY

    Score
    10/10
    neshtadiscoverypersistencespywarestealer

    • Detect Neshta payload

    • Neshta

      Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.

      persistencespywareneshta

    • Neshta family

      neshta

    • Executes dropped EXE

    • Modifies system executable filetype association

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral12

    • Target

      Instagram Account Checker By Amir v0.1/Virus Total/desktop.ini

    • Size

      44B

    • MD5

      c279803b27f13369aa54fc9b84b72468

    • SHA1

      01d430e118952d9e077fdcd7ff13084d375995dc

    • SHA256

      d80758a34364cab9de42ff6ed57bcc753a0936ddddf9952c5b4fb9ff0d7966c9

    • SHA512

      2ba7cfe2fd561a0cc4fdc39ab7e6fe9ea9aee8618afe31030a0a79af06542b83ef66ec4817c646f027e1733263cb46a9a9b6432f01f6a938fa29080a59e44678

    Score
    3/10
    behavioral13

    • Target

      Instagram Account Checker By Amir v0.1/Virus Total/scan.txt

    • Size

      109B

    • MD5

      2e99fbaf1ad4f921ebe1ba0adb710c25

    • SHA1

      6335db361e4666581ca3fd9d594ab1827dba734c

    • SHA256

      f2f02c614c4a88b423ad0a404f7f5e7c1d33c5445e75f3d6f651ae6e791cdd57

    • SHA512

      ac7ccfcc0fd077218cfc8130d587ef03f2e2ca539b052e1f8c224f46a000884b1da1c7daa43600f767b8f3c4da545e0a3832f75caa771022281dbf75ef1ea175

    Score
    3/10
    behavioral14

    • Target

      Instagram Account Checker By Amir v0.1/xNet.dll

    • Size

      99KB

    • MD5

      bf1f76644bddd20339548ebacf7a48eb

    • SHA1

      38114702114105eb3df3f74bf4c68ef7db436f47

    • SHA256

      5d9c2b1822bcaa71ddeaa5426d4312d8e174766ae8864c7add29d7f44cea87f2

    • SHA512

      76132c9e29a0a3054cd41c56d5184951d392a2abd1995e14b34c40f14b154914a6990c107e7fcf4139344759ae6048e9ecf0bdaf0447c1cd589dfacbf901b7c5

    • SSDEEP

      3072:sCMhzHWHfyqxjqCgRGAQIO7ScwpY3wisz0YsXhqnV+xnEd4:sCM52n4RSVPwIhqnV+xnEd

    Score
    1/10
    behavioral15

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Event Triggered Execution

1
T1546

Change Default File Association

1
T1546.001

Defense Evasion

Modify Registry

2
T1112

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Information Discovery

1
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Command and Control

Exfiltration

Impact

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.