General

  • Target

    Netflix Tools PACK.rar

  • Size

    26.4MB

  • Sample

    230623-2wwh7ahc27

  • MD5

    3026ad2a1b021ad46a596f4a51686273

  • SHA1

    3071a936b70d48231f7ab35a2a70a769f81f1e3e

  • SHA256

    1070b4766e0979a8e15ddbd3d0ba27a9d05272027b3a20eaaf9c9fd854f2def7

  • SHA512

    5ea70512b9fd9039a67ca50bab0329eef4082fb975921357947c2c629b5c40b7f0d708e5e8761d872fc2b222bf9d5f9513385d0114ac27ce2f5734909b7adc72

  • SSDEEP

    786432:1nwINKQ4zp5/HxNPvG8g+ofzYEnjnrckPq/ZWq01:DU95/jPtg+Ctn/ckPmZWJ

Malware Config

Extracted

  • Language

    ps1 (deobfuscated)

  • URLs

    ps1.dropper

    https://6.top4top.net/p_13529t6r71.jpg

Targets

    • Target

      Netflix Tools PACK/Netflix Tools PACK/GoldFlix GC Netflix Checker/GoldFlix Checker.exe

    • Size

      189KB

    • MD5

      e193f9729e48f1d4f1da645deeea8915

    • SHA1

      4e662d15f9b5e2529297c4027993bf1d896e6423

    • SHA256

      7b34cb1d71e20a0b11cc7c97c7d0ef642e038f5837aba055ab2aa95eecc83a9b

    • SHA512

      5b362dc40988fa5b762716e94cd94e2a188d3b8e02dd39a247a450cea66bb49e79b06fbf677a484df472da2222bd0cf2b8af45c549c40d808470c24bad907415

    • SSDEEP

      1536:xX4lIeP2QbPvIRhw+1Xfb5U71tufwAflMVm4T31CShWss1n/IQCX/K4reDC9PnmC:xX4lIwbPUhw+1Pb1TtCX4GPnH

    Score
    8/10
    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/GoldFlix GC Netflix Checker/core/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/GoldFlix GC Netflix Checker/core/gfsys.exe

    • Size

      419KB

    • MD5

      19f1e1913d37b8698e4fc1bb350d754a

    • SHA1

      922909897e1e2aa431bbe7974bb99849d1c18ad3

    • SHA256

      9d9c257a3f669babda5bbbb3d143a7575f17bee0425f90f80f2ef7bd807bfbc5

    • SHA512

      d178276ac46efd2614d94e2e1dd91b01aae7b565326b1dd831b47cebdbe292bf9df3cbca7bffbb34a826a138b681f2d4bf5f76dc54f9cca4b74f40f8a0dbbec1

    • SSDEEP

      3072:D32GhNvn8PQ7Z21lSaR+OV9aE1+qil0lLh:z2GhN/8227EOioAlq

    Score
    8/10
    • Modifies Windows Firewall

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/HITFLIX CHECKER/HITFLIX CHECKER.exe

    • Size

      80KB

    • MD5

      8ed3d3014a65646e012eef55f5d7c758

    • SHA1

      4e13c03976af1f1ac1ba22321feecc380d3194b4

    • SHA256

      15e2056cd0c44b6abf6560bdf93fc046ac8ec42a008091d1016395f73d4764af

    • SHA512

      7b43947831de3deba1a6a1e9e6298173cefbe2cf2cc377e90b798b37c0c8c349b39c3813283295d9932586c3cf6a8ed6beadd138ff3512ae040471e8a50599e3

    • SSDEEP

      1536:f4ljePfvIuVniE8tH9EK1060ulxToJSwhRAt4ttw/:f4ljkzniztRyCTMbhRAt4Lw/

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/HITFLIX CHECKER/sys/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/HITFLIX CHECKER/sys/serv.exe

    • Size

      86KB

    • MD5

      f6c574bf9951a9b4168b1a01f1564e87

    • SHA1

      d35ad68096d485b378a47a17cd440724cb7f98af

    • SHA256

      2b36b2e35e2d8726a078d9d095bd0fc3086d3a3afb593e39e4f80f7d24a6c191

    • SHA512

      dea0d9f878cc619137a77ca90ccbcf1978ed3598b35ede7362369b270e83bc71caecabc6040f16befcf566bebc3a2728324b527288541c0c33a1e3537aa8b7b8

    • SSDEEP

      1536:CjR9msNf9uL4SrP8IlzYbAWBrnFWdd63kJahS9pT0zTnbs3j:Cm0f9uLtYC0AWBjFWdd63kJahS9pT0zi

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix Checker by xRisky v2/NetFlix Checker by xRisky v2.exe

    • Size

      187KB

    • MD5

      a936e1c25e761f0dac98e9d42ad28637

    • SHA1

      1c9168c664a0bf33be15aa8311f803f7ebe865cb

    • SHA256

      cc93d5cb201a68dd673a5cf55ac97723b226fb670a73df2d29548bf25245c2a4

    • SHA512

      91ab6da7dcfe8639eb0a9c743e6e10ad6b2b30b5ef99e2b779402983a5485414e84f91539b18b93ff528517402ad24538f3ad929b6a583907b71dca1c631a636

    • SSDEEP

      1536:94l0gePQLjUDAbY1oCT/n9156ET5B61H7SRIRUnPYG+lB:94l0g5G93/6hRUgt

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/NetCheck.exe

    • Size

      6.2MB

    • MD5

      5767a86dedd068e8f14f1570a9052303

    • SHA1

      ccee276337037c0dbe9d83d96eefb360c5655a03

    • SHA256

      cc815fcc20a41a0a2bf9c1574518004327ebb889e666d964e095482c5996ef11

    • SHA512

      9121ae4a5c8a1485e3fc795f4857f2e44fa5a0271ffca747d195b9cde384f1e8f60864f2f4e955b96ecd38a1f6b2bd5acfb21e5ca5769b3f15c0c0d5937b6c3f

    • SSDEEP

      196608:/ps7wa/hf0+P4aTMf+LZ5PefLEAyfWgJElwjAOER/4Uf/J1MtZkHnbFuRKnbErc/:/ps7h/hf0xNf+LZ5PefLEAyfWgJElwjE

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/chromedriver.exe

    • Size

      8.2MB

    • MD5

      467838b0da3380609a468679b0639abc

    • SHA1

      e3b21daf2e7d9e7f564daca4d6b6a772e78f74a2

    • SHA256

      282dd0a35f2336e409fc82ebc8649b0f9257c4016af75111ed709ee7c9132ef2

    • SHA512

      aeb188d37a7184d235c27bc692e255a46e8a6c5d1e48e8b2d1258b0e4d342fe3468671ced9887c3ce2bc7ae71d94f9b25c738cd0742c9135386f20774402cc87

    • SSDEEP

      98304:uhGs9SiTCiSt0EmrSb9XRPTg7BorV3KeL0E/h14CtsEtZuP:uwMujsSBRPTg7BqVt6OU

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix GC Checker by xRisky/NetFlix GC Checker by xRisky.exe

    • Size

      47KB

    • MD5

      87e413aef4b60ecfb24cc24b803a54db

    • SHA1

      3d2c26e5920f7dcb88e27511af5eecfa97579089

    • SHA256

      b1fdbeef0438fc5f151d3db52b1bd0fe6abf2e9396124a3ffa4c03e73d349458

    • SHA512

      0e74551866320657ca383689e4ca34d2021b3284226d7684d836b6aa2d41cb7f0181a602beea45512e26ca70c3c449186ecf064357e558cc6e07c0003d41abf9

    • SSDEEP

      768:Nec4lj/fePn4658PC7b1ye6vLsOm6+q9Oi1:n4ljePxVZyeOmVAT1

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix GC Checker by xRisky/data/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/NetFlix GC Checker by xRisky/data/litedb.exe

    • Size

      1.9MB

    • MD5

      c20fe813ce74afaaecc2963ed2f38399

    • SHA1

      495d949a54a7af8ada87eec7d4c1709588073295

    • SHA256

      0a33ac7f5c5a236e63ff5cc404f39364d6f571601c85484c24e5b4b33b3d5b70

    • SHA512

      d79b887927284b283ed32e460c749485be1b1acdaac53563777c1140fb9f48fda7b28616d445fb2a75872fe344431086c5ab7f6a2ad12ed636bb778a862f7268

    • SSDEEP

      24576:SQ9u98/1Xx+nuiSgGKTeLYywTXyP5llinpFubRnwJ9f3EdIMVWKWkAaIvuonXQ:PITnyiyP5inpFutaB3o9IH97A

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker by GOD Cracked By GM`ka/Netflix by GOD Cracked By GM`ka.exe

    • Size

      184KB

    • MD5

      aa3bb11ee0c84761496dfdb9e6e5b63f

    • SHA1

      8abbf52400836f9e2cc8695f31a44398f0a8a220

    • SHA256

      4b4be96ea88ab429172e0ff04475179478f7afd2784ec0a07ae4bc78b2104d3a

    • SHA512

      3643410c32ccb5202c1bbb8cf79f65bcb7accd36cce45672eacd71c051a2b7e0f253bd18979ac68d91b2272b6666d10916788bf9d340abd660b0f42144dc44d9

    • SSDEEP

      1536:SX4ljePvu7ZTJqCgiv/RbgyPnY9dF0IaJZI6huB2vtChPw:SX4ljH/q4bg4nY9dt2vtChPw

    Score
    10/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker by GOD Cracked By GM`ka/xNet/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker by GOD Cracked By GM`ka/xNet/procs.exe

    • Size

      1.7MB

    • MD5

      98bfaca19a9ae44bb60fbc3e98e54d09

    • SHA1

      e2f100fc3eb808fe26cdc26327920293c1272cab

    • SHA256

      a0e92f4093a2238cd10451cb37932acbfe2ccdddedb7106b9faaa22fadf582e3

    • SHA512

      d8b5abdb9692f54a512d53589537bb8b4aa489443ef7ae77aede69d5c1510a32ce2508eeca1ff50898fb2305151c53b9f03449dac9a75b4ea8aa370a324f4fbe

    • SSDEEP

      49152:Cl1b5zTZ5YfiyFc7Eno6T2te21ZkWQ5XK9Ey5:CdzxCzfTOe2k5amW

    Score
    10/10
    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Drops file in System32 directory

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker Shitter By Team-Otimus V3.0/NetFlix_Shitter_V3.0_By_Team-Otimus-protected_Protected.exe

    • Size

      172KB

    • MD5

      f2bd839c56d64ab969235be1a72bf420

    • SHA1

      5356266764a7aff5a7952bff114414095aaf4fe9

    • SHA256

      69beac5b754e6683e8f1c7d08be68094dba8161cf200b884036916787f1ac849

    • SHA512

      c604b465172273e9d71632a014b6b9c4b3bca2088e9f4316d3b18fe8490596997a16ca588e0ed1d777cf2caaff20ed13fe2ca46e87d48d8de41aace62033a87c

    • SSDEEP

      3072:t4lsOFEjP4AvO7LUhLacDaXhDXzsAw/yZ:t6sO0DeX

    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker Shitter By Team-Otimus V3.0/Team-Otimus V3.0/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker Shitter By Team-Otimus V3.0/Team-Otimus V3.0/Shitter 3.0.exe

    • Size

      2.0MB

    • MD5

      328363afedfb05a045788fc37273ab0b

    • SHA1

      38a3e9d74af2b746382c8fab5666cac1b0300297

    • SHA256

      ee7666c6cd823b082bfd9ecc8fe2c090e23e4882da3759c3d07bd5d8ade47790

    • SHA512

      5db66eb7275c6f127117dc25612dc3fbd3ffc129057498ae2fe125526b95cf17e3a4fe56f58d72c10ec21c54e13a9aac182c3c35727219fa0f86f4e030d8f448

    • SSDEEP

      49152:YVfVEVFItr7yP/jxsvShLOyVQDnPP9oqi:YVfVEVFY78LxsahL3iDnP

    Score
    10/10
    • ElysiumStealer

      ElysiumStealer (previously known as ZeromaxStealer) is an info stealer that can steal login credentials for various accounts.

    • ElysiumStealer Support DLL

    • Loads dropped DLL

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker Shitter By Team-Otimus V3.0/Team-Otimus V3.0/ttdinject.exe

    • Size

      186KB

    • MD5

      cafc1c2087373176460a863e4ee29c19

    • SHA1

      853c080b9e0c6342e50866f39c0bb18b1e01784b

    • SHA256

      3572ada17a4e88324a3295338cd9bf02bc9c76d881ab020576ff759733146dfa

    • SHA512

      bc01f401640f44c134b8158a4044e8ee3acfc806ac42c06da7d06148178474927f8b751c39d816fe7433e6605da34c8c8bcbd146dca092cbef66bd673878800b

    • SSDEEP

      3072:P7+nuZC491nBweMVewi0FOPU5I2ze3DgOTgZoX+NV597Io0aeg:PB84Rwi0F2UDvOw2YPfAg

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker V3.1 by Cetrix/Netflix Checker V3.1 by Centrix.exe

    • Size

      184KB

    • MD5

      01e922bc03813246077b050feca54259

    • SHA1

      1b2d4e915f6fc105444e325fa39006b5843d3c8a

    • SHA256

      8831e54b0bd6df389fa3a63775a17bfcf653bb00a8ec1a6d79f0755b6a1e0e15

    • SHA512

      488bfc2c89f9c03ab110a14a54d608dcdfb430bf6ffe320edc0d5837712a58dba3c1eb797259769055f7fc998ad04d7f06d18d31c54f5b942065d9971af3f338

    • SSDEEP

      1536:3X4lOePvu7ZTJqCgiv/RbgyPnY9dF0IaJZI6huB2vtChPw:3X4lOv/q4bg4nY9dt2vtChPw

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker V3.1 by Cetrix/sysdll/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/Netflix Checker v1 by Sh4lltear.exe

    • Size

      436KB

    • MD5

      b029aba0478c2e4952b8d8d47a8254c2

    • SHA1

      768a49d63fb3276d5084acafacb51c920c84c06f

    • SHA256

      d507efaba5a96790221f25aadbe81d1a26ef94019b39cb7584ff54e06d6b8b68

    • SHA512

      e1c09cf6c9fd854cf830fdcaf8828332e357dbd66dd3498ab16aa0b6c8a532bde3c3c9a1b1ba35b9096a66f2a9a0b9cfa8f158fcd4c0c25f2a53aca6a1c024d8

    • SSDEEP

      3072:e4lJ7LQ666C66G666i666o666y666B66c666G66f666+666u6669p666366o6663:e6J7gXtwJ3xjpfVKWMy

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/sysdll/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/sysdll/Sh4lltear.exe

    • Size

      931KB

    • MD5

      22fc400218a4c1444ee789f70059a083

    • SHA1

      0ffc63bba522c492a7e2ae94d927cfffe1e821e7

    • SHA256

      d188ead90b853e579668b15a788701ff073964d49e816ab82658a53e68cae719

    • SHA512

      1c0970998cc34108a4db0845beb2548f9fbd595a9b8cd66a6aa0418fd5f527c4fb845379cd1da80de6e42f9877e8e2b983fde5af00f5c6cbd2567019652e4442

    • SSDEEP

      24576:BEMwFuUbUBqMwFuUbUBPMwFuUbUB/iSMwFuU+UB:BwQDBdwQDBEwQDB/i1wQMB

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/sysdll/wscadminui.exe

    • Size

      8KB

    • MD5

      90b2c449b60dfadac01e79a309d15314

    • SHA1

      ae80a75245da799059b22249cfca8b025eebf2c5

    • SHA256

      2f635e7f807bad772c5787f64752aef25318a38cd7e39ba7d8e6c06c39a935d0

    • SHA512

      abb64db20b4db8dc992b79899941f4c5b53693c78a744cd22db8fd7c4f56f4ea3cf7b14c0f3bee8b761264af55d3d9cd94cb43e25b850868156673083bad5daa

    • SSDEEP

      96:+onf1X+eAxi2Ytsp203WDLDGjQ5HUCUuD5MOtmKEWThRWw3jI:+6fR+eAxHYwBLeZjD5MOtmXWThRWuj

    Score
    1/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix GC Generator By SpaceXVIII/Gen/GC.exe

    • Size

      302KB

    • MD5

      b02bdf8aeb0e96e69b2107fbc96c3f1f

    • SHA1

      90771870f1909f881130cc1f7a164707fcc0160a

    • SHA256

      d7b2e25f499fbbe984af4dde8d05cca96d7deefddefc490b2bb44b84340f9835

    • SHA512

      60788e68b91faeb24ad5df7c7467a03ef4be585738c962a166312e309ada79d0ef26c91938b2fd5515c7c9e1f06f34fb9d7ad0c80671817c3f989a179c8313ed

    • SSDEEP

      3072:YwMfUEnWOkzE/JvsUwEWmpN1Hh3ueVj/GPE4GnnnVnfL4SLQEndIUuhgc2:iOE/dPh3vYwnV5M2dIUuU

    Score
    4/10
    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix GC Generator By SpaceXVIII/Gen/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix GC Generator By SpaceXVIII/Netflix GC Cracked.to.exe

    • Size

      172KB

    • MD5

      076027fae13f9b886d78ebe466fa5973

    • SHA1

      572b825dddc610eaeddf82df24472430cbe357ff

    • SHA256

      c167494125ef849dad5077bc98d9a66ef013eb6e92770b9ce0c968515cf8644a

    • SHA512

      2ef97b7d1e3b70f380f664ee5ab8b09233eff18aeb1ab23a2115e9fddbba499bd43008aa7719ebf27935aaeabb598b27e88c7bb23805f6406861065ed575c004

    • SSDEEP

      3072:z4lsvEjP4AvO7LUhLacDaXhDXzsAw/yZ:z6s+DeX

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix password changer + capture by RubiconT/Netflix by Rubicon.exe

    • Size

      172KB

    • MD5

      4b3932d6fc6e2674dfa011acb61420d8

    • SHA1

      176e8aa6400722202ad7238c80008409eea9c872

    • SHA256

      843c667a85ea8f5f586c34ab9b290d4bb8323b27c867239576e8a5530a6181b4

    • SHA512

      1d0ac9ef84ca0efca022963fabe9468475447c149accdde1d5e497951cc84a4d5aef54ad0e6a470600f3e0ebbb7a66ddc4269146155a5b8c57af0c60844cc68d

    • SSDEEP

      3072:g4lqQW95d30WXGTwqbvqM+BfFH+nV67JO8VXa:g6qQW95dEWXybFcfyV6tlVX

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix password changer + capture by RubiconT/nsi/Launcher.exe

    • Size

      53KB

    • MD5

      c6d4c881112022eb30725978ecd7c6ec

    • SHA1

      ba4f96dc374195d873b3eebdb28b633d9a1c5bf5

    • SHA256

      0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32

    • SHA512

      3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981

    • SSDEEP

      768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5

    Score
    7/10
    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops startup file

    • Executes dropped EXE

    • Adds Run key to start application

    • Target

      Netflix Tools PACK/Netflix Tools PACK/Netflix password changer + capture by RubiconT/nsi/RubiconSoft.exe

    • Size

      132KB

    • MD5

      593e3c4e79aac503ecc36e6f3e4039d6

    • SHA1

      d19a1d24b61d7358d50a99b35e3a8a119e66a783

    • SHA256

      2768c17af7d2f15c3848d6dc32b34b94089c2199be35d40ce29fc6aec39cc50d

    • SHA512

      af03476b97d739e0d49417a3654c021ee7712897eb0f618d430aa5cb86ee021f9bf4f50cd68531e8bbb282f6ffb55d65bfe5c549cc09fa46ada95def33ad047f

    • SSDEEP

      1536:7EhQKAntehqtpQlkK0wHHHvoooo3hB2a8I5ZlHZ+NQFuJa0NHXBPLkxdmGzYHF:uQZntudBcIJA9NFLM9Yl

    Score
    1/10

MITRE ATT&CK Enterprise v6

Tasks

static1

Score
3/10

behavioral1

evasion, persistence
Score
8/10

behavioral2

persistence
Score
7/10

behavioral3

evasion, persistence
Score
8/10

behavioral4

persistence
Score
7/10

behavioral5

persistence
Score
7/10

behavioral6

Score
1/10

behavioral7

persistence
Score
7/10

behavioral8

persistence
Score
7/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

persistence
Score
7/10

behavioral12

persistence
Score
7/10

behavioral13

Score
1/10

behavioral14

persistence
Score
10/10

behavioral15

persistence
Score
7/10

behavioral16

Score
10/10

behavioral17

elysiumstealer, persistence, stealer
Score
10/10

behavioral18

persistence
Score
7/10

behavioral19

elysiumstealer, stealer
Score
10/10

behavioral20

Score
1/10

behavioral21

persistence
Score
7/10

behavioral22

persistence
Score
7/10

behavioral23

persistence
Score
7/10

behavioral24

persistence
Score
7/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
4/10

behavioral28

persistence
Score
7/10

behavioral29

persistence
Score
7/10

behavioral30

Score
7/10

behavioral31

persistence
Score
7/10

behavioral32

Score
1/10