Reborn Loader is not safe file to use, one of our users made new thread with it. I wouldn't make this thread, but as far I see this loader is even popular software...
Overall reborn Loader is working as normal cheat loader, it will download file from GitHub.com, and it will inject it. (as you can see down below)
There are extra few things, that caught my attention, all these things in my opinion clearly indicate that Reborn Loader is rat, it will seal all browsers passwords, and disable Microsoft Defender/Anti Spyware via registry, also it will write data to remote process, and is able to make screenshots.
1. Tries to disable Windows Defender/Anti Spyware.
Here we can see all processes from this loader, we can clearly see Reborn Loader is trying to disable Windows Defender/Anti Spyware!
2. Tries to steal sensitive information. History, Tokens, Metadata etc... (file access)
3. Calls an API possibly used to take screenshots
There is no point in disabling Windows Defender/Anti Spyware in cheat loader, you can do it manually, if you know that loader is trusted software. Also, Reborn Loader is touching files which are sensitive, there is no point in checking Edge folder with all information about sessions, history, metadata etc... I can't also explain why there is imported API used to take screenshots, all these things indicate that Reborn Loader is malware. I downloaded the official version of this loader from telegram channel to check it, same thing. Everything that was included in the forum version is also included in the official version. Don't use this loader, if you want to keep all your data safe! If you have lunched this software, reinstall your windows, and later change all passwords! Don't use ant antivirus software, I would recommend reinstalling your OS instead!
Sources:
Hash: 74ea2c9c1aae0f67f22b5cdcd1261ea39252cb4c2a4219da014f364cac2b42c8
Hybrid-Analysis
VirusTotal:
Overall reborn Loader is working as normal cheat loader, it will download file from GitHub.com, and it will inject it. (as you can see down below)
There are extra few things, that caught my attention, all these things in my opinion clearly indicate that Reborn Loader is rat, it will seal all browsers passwords, and disable Microsoft Defender/Anti Spyware via registry, also it will write data to remote process, and is able to make screenshots.
1. Tries to disable Windows Defender/Anti Spyware.
Here we can see all processes from this loader, we can clearly see Reborn Loader is trying to disable Windows Defender/Anti Spyware!
2. Tries to steal sensitive information. History, Tokens, Metadata etc... (file access)
3. Calls an API possibly used to take screenshots
There is no point in disabling Windows Defender/Anti Spyware in cheat loader, you can do it manually, if you know that loader is trusted software. Also, Reborn Loader is touching files which are sensitive, there is no point in checking Edge folder with all information about sessions, history, metadata etc... I can't also explain why there is imported API used to take screenshots, all these things indicate that Reborn Loader is malware. I downloaded the official version of this loader from telegram channel to check it, same thing. Everything that was included in the forum version is also included in the official version. Don't use this loader, if you want to keep all your data safe! If you have lunched this software, reinstall your windows, and later change all passwords! Don't use ant antivirus software, I would recommend reinstalling your OS instead!
Sources:
Hash: 74ea2c9c1aae0f67f22b5cdcd1261ea39252cb4c2a4219da014f364cac2b42c8
Hybrid-Analysis
You must be registered for see links
VirusTotal: