njrat | 42d3b70f87a52ad776ff802da5895b36610f905f31350f25bf51a9355be343f4

Sharing

Copy URL

Twitter E-mail

General

Target

Netflix Tools PACK.rar
Size

26.4MB
Sample

241030-14ae9atlcm
MD5

2f953770471a4ad2b805a767da81d98a
SHA1

2770a2e170966ca118627bc5c7ee95c7c0c9eb22
SHA256

42d3b70f87a52ad776ff802da5895b36610f905f31350f25bf51a9355be343f4
SHA512

624eab425a71b50c3c9cf5460bcc34b16a82fa7602fa58c1a468623c73b0dfbb68d4b4ca4711ea9f37b2826ac9f492bf986eaa6305d81e7cadac9863ae8d292a
SSDEEP

786432:Tw+kgQSPL0v86myPlFAXQ1RRg/jeJzDm1cm1+Z:c9gQSPwvvDlWgSC9m+mYZ

Score

10^/10

njrat pc_discovery evasion execution persistence privilege_escalation trojan

Malware Config

Extracted

Family

njrat

Version

0.7d

Botnet

PC_

hccr.sytes.net:1411

Mutex

460557edf4b4cbfb08eadcebcbd28364

Attributes

reg_key
460557edf4b4cbfb08eadcebcbd28364
splitter
|'|'|

Targets

- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/GoldFlix Checker.exe
- Size
  
  189KB
- MD5
  
  e193f9729e48f1d4f1da645deeea8915
- SHA1
  
  4e662d15f9b5e2529297c4027993bf1d896e6423
- SHA256
  
  7b34cb1d71e20a0b11cc7c97c7d0ef642e038f5837aba055ab2aa95eecc83a9b
- SHA512
  
  5b362dc40988fa5b762716e94cd94e2a188d3b8e02dd39a247a450cea66bb49e79b06fbf677a484df472da2222bd0cf2b8af45c549c40d808470c24bad907415
- SSDEEP
  
  1536:xX4lIeP2QbPvIRhw+1Xfb5U71tufwAflMVm4T31CShWss1n/IQCX/K4reDC9PnmC:xX4lIwbPUhw+1Pb1TtCX4GPnH
Score

10^/10

njrat pc_discovery evasion execution persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral1
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/Leaf.xNet.dll
- Size
  
  115KB
- MD5
  
  42cf916df4ea1d300201ec9559b7bef3
- SHA1
  
  f58abe0ad5f3e033a9dbebcebd02692c5d35936d
- SHA256
  
  939c8980bcb9bd9a2279714f6086714229e7af194ec4e32677c5a4ed96db5edd
- SHA512
  
  2d03d21b369b9784329573e8219553f4c6b3cae66515ebe7409154c7457e3cfb95f8dfac5bae57820ade2a5219dd7d10ce34d72ec8971b2fbb7024a5a23cc1ed
- SSDEEP
  
  3072:68eadOu2iOCIckQucNPlkZnVVkeLm/RV1oal:68BEu3OCIINWZnVV
Score

1^/10
behavioral2
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/MetroSuite 2.0.dll
- Size
  
  305KB
- MD5
  
  0d30a398cec0ff006b6ea2b52d11e744
- SHA1
  
  4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45
- SHA256
  
  8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654
- SHA512
  
  8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc
- SSDEEP
  
  3072:K6J2UBugOAI+yjNDWswy1MNo1EvnvkgvloSVQBjDifX0pPSRZ9KZdf8uvqtXfZBF:K6Jr8xhFzfOaa3xqQnQGTO
Score

1^/10
behavioral3
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/core/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral4
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/core/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral5
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/core/Leaf.xNet.dll
- Size
  
  115KB
- MD5
  
  42cf916df4ea1d300201ec9559b7bef3
- SHA1
  
  f58abe0ad5f3e033a9dbebcebd02692c5d35936d
- SHA256
  
  939c8980bcb9bd9a2279714f6086714229e7af194ec4e32677c5a4ed96db5edd
- SHA512
  
  2d03d21b369b9784329573e8219553f4c6b3cae66515ebe7409154c7457e3cfb95f8dfac5bae57820ade2a5219dd7d10ce34d72ec8971b2fbb7024a5a23cc1ed
- SSDEEP
  
  3072:68eadOu2iOCIckQucNPlkZnVVkeLm/RV1oal:68BEu3OCIINWZnVV
Score

1^/10
behavioral6
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/core/MetroSuite 2.0.dll
- Size
  
  305KB
- MD5
  
  0d30a398cec0ff006b6ea2b52d11e744
- SHA1
  
  4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45
- SHA256
  
  8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654
- SHA512
  
  8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc
- SSDEEP
  
  3072:K6J2UBugOAI+yjNDWswy1MNo1EvnvkgvloSVQBjDifX0pPSRZ9KZdf8uvqtXfZBF:K6Jr8xhFzfOaa3xqQnQGTO
Score

1^/10
behavioral7
- Target
  
  Netflix Tools PACK/GoldFlix GC Netflix Checker/core/gfsys.exe
- Size
  
  419KB
- MD5
  
  19f1e1913d37b8698e4fc1bb350d754a
- SHA1
  
  922909897e1e2aa431bbe7974bb99849d1c18ad3
- SHA256
  
  9d9c257a3f669babda5bbbb3d143a7575f17bee0425f90f80f2ef7bd807bfbc5
- SHA512
  
  d178276ac46efd2614d94e2e1dd91b01aae7b565326b1dd831b47cebdbe292bf9df3cbca7bffbb34a826a138b681f2d4bf5f76dc54f9cca4b74f40f8a0dbbec1
- SSDEEP
  
  3072:D32GhNvn8PQ7Z21lSaR+OV9aE1+qil0lLh:z2GhN/8227EOioAlq
Score

10^/10

njrat pc_discovery evasion persistence privilege_escalation trojan
- Njrat family
  njrat
- njRAT/Bladabindi
  Widely used RAT written in .NET.
  trojan njrat
- Modifies Windows Firewall
  evasion
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral8
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/Colorful.Console.dll
- Size
  
  212KB
- MD5
  
  0af79956961ee57bb1d13959fc531bb9
- SHA1
  
  4929471cddbbf5a17cc1dcd461255cb1a3a14451
- SHA256
  
  eb1b624d20e4775b30489d93203f4556f460656f6eef9a2482edcf094d54703f
- SHA512
  
  829592f4f938a57ba577e2450665394748cdd4aca9e500e636d8122e542432e1867c6ea5606819e90f399a2bd2e1578285174c1bb28e1836ed1979d214f4b898
- SSDEEP
  
  6144:ILo17wps/wyxN3S43xPGFRJ1rUG1PiWt5txplaIB:N7wMwyD3S43ZGFRJRUG1PiMtxplaIB
Score

1^/10
behavioral9
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/HITFLIX CHECKER.exe
- Size
  
  80KB
- MD5
  
  8ed3d3014a65646e012eef55f5d7c758
- SHA1
  
  4e13c03976af1f1ac1ba22321feecc380d3194b4
- SHA256
  
  15e2056cd0c44b6abf6560bdf93fc046ac8ec42a008091d1016395f73d4764af
- SHA512
  
  7b43947831de3deba1a6a1e9e6298173cefbe2cf2cc377e90b798b37c0c8c349b39c3813283295d9932586c3cf6a8ed6beadd138ff3512ae040471e8a50599e3
- SSDEEP
  
  1536:f4ljePfvIuVniE8tH9EK1060ulxToJSwhRAt4ttw/:f4ljkzniztRyCTMbhRAt4Lw/
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral10
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/Newtonsoft.Json.dll
- Size
  
  1.6MB
- MD5
  
  d3db5a523feb9d3130a38d7fc85a66ef
- SHA1
  
  e1dce15f9d4c45e7667fa78bc0efd3a13bf70fb8
- SHA256
  
  959ec15069202cbba09ea77a4ab2bc0109cbbbfbf8522620d8f1ec80f657219e
- SHA512
  
  2f0aad47d99c02879d90d9efc1442318f3fa12a082a6c5bcae9ad08c5c21481867ba6c97497c8d6173e11de96114fd9541687bf76813a0fed85bf243a58e94b1
- SSDEEP
  
  24576:vtqS1RpVG9nU7JyPKp2rfMXJekPhb0Xq2rxc46Dt2hDsKKQX9NX:QgHV8nAJye2r059Z0XtrxT6aKQX
Score

1^/10
behavioral11
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/CheckerBasics.dll
- Size
  
  84KB
- MD5
  
  f00e9acba094f47d9fd7a67fcf8e39c3
- SHA1
  
  2097063ddceb88058337e27441dfc18df3020de9
- SHA256
  
  e32a24a10116cb3475a60791084f4d6414eb12b9d35dca7df65c61c9d85f87d8
- SHA512
  
  12801f4a7989e5aa953618d326d582c0178af64b79f0676d79494259c545440c9295e1c218c25f2488abfbaa902d94426761563f7dad40c6d7d23bab27dfb237
- SSDEEP
  
  1536:omgBFN3TEB9msgUDIqUjJgeZ24u11xRWXqkyoPYspy:oZBO9rpUjaX4u11xRWXqkyoPYspy
Score

1^/10
behavioral12
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/Colorful.Console.dll
- Size
  
  212KB
- MD5
  
  0af79956961ee57bb1d13959fc531bb9
- SHA1
  
  4929471cddbbf5a17cc1dcd461255cb1a3a14451
- SHA256
  
  eb1b624d20e4775b30489d93203f4556f460656f6eef9a2482edcf094d54703f
- SHA512
  
  829592f4f938a57ba577e2450665394748cdd4aca9e500e636d8122e542432e1867c6ea5606819e90f399a2bd2e1578285174c1bb28e1836ed1979d214f4b898
- SSDEEP
  
  6144:ILo17wps/wyxN3S43xPGFRJ1rUG1PiWt5txplaIB:N7wMwyD3S43ZGFRJRUG1PiMtxplaIB
Score

1^/10
behavioral13
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral14
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral15
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/Leaf.xNet.dll
- Size
  
  361KB
- MD5
  
  b7becc52d0fcbde524ad918569b726c0
- SHA1
  
  f37d00dec1d36fa09486e4e496b0f399a64c1d18
- SHA256
  
  3328763e0033625ec25033b8324b1ef6d86896d619be59b547b4a7cb1d63ab8d
- SHA512
  
  fe5d3179fc19d5af6857c7bf6f3d5e0f48ccb25778186172805619760b1011bb576f5b09e916227f7e29d90d658531ebda6477070462b42679bae9d3adf96f89
- SSDEEP
  
  6144:q/ZsIq0yD3ORK7vlDCsNVsrWgKu4TrepJd+B9asNMHLNM1m1vtSYzJ8vNRie74y+:YZSll+0V4Ku4TrepJd+BssNMHLN6m1FX
Score

1^/10
behavioral16
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/Newtonsoft.Json.dll
- Size
  
  1.6MB
- MD5
  
  d3db5a523feb9d3130a38d7fc85a66ef
- SHA1
  
  e1dce15f9d4c45e7667fa78bc0efd3a13bf70fb8
- SHA256
  
  959ec15069202cbba09ea77a4ab2bc0109cbbbfbf8522620d8f1ec80f657219e
- SHA512
  
  2f0aad47d99c02879d90d9efc1442318f3fa12a082a6c5bcae9ad08c5c21481867ba6c97497c8d6173e11de96114fd9541687bf76813a0fed85bf243a58e94b1
- SSDEEP
  
  24576:vtqS1RpVG9nU7JyPKp2rfMXJekPhb0Xq2rxc46Dt2hDsKKQX9NX:QgHV8nAJye2r059Z0XtrxT6aKQX
Score

1^/10
behavioral17
- Target
  
  Netflix Tools PACK/HITFLIX CHECKER/sys/serv.exe
- Size
  
  86KB
- MD5
  
  f6c574bf9951a9b4168b1a01f1564e87
- SHA1
  
  d35ad68096d485b378a47a17cd440724cb7f98af
- SHA256
  
  2b36b2e35e2d8726a078d9d095bd0fc3086d3a3afb593e39e4f80f7d24a6c191
- SHA512
  
  dea0d9f878cc619137a77ca90ccbcf1978ed3598b35ede7362369b270e83bc71caecabc6040f16befcf566bebc3a2728324b527288541c0c33a1e3537aa8b7b8
- SSDEEP
  
  1536:CjR9msNf9uL4SrP8IlzYbAWBrnFWdd63kJahS9pT0zTnbs3j:Cm0f9uLtYC0AWBjFWdd63kJahS9pT0zi
Score

1^/10
behavioral18
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/MetroSuite 2.0.dll
- Size
  
  305KB
- MD5
  
  0d30a398cec0ff006b6ea2b52d11e744
- SHA1
  
  4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45
- SHA256
  
  8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654
- SHA512
  
  8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc
- SSDEEP
  
  3072:K6J2UBugOAI+yjNDWswy1MNo1EvnvkgvloSVQBjDifX0pPSRZ9KZdf8uvqtXfZBF:K6Jr8xhFzfOaa3xqQnQGTO
Score

1^/10
behavioral19
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/NetFlix Checker by xRisky v2.exe
- Size
  
  187KB
- MD5
  
  a936e1c25e761f0dac98e9d42ad28637
- SHA1
  
  1c9168c664a0bf33be15aa8311f803f7ebe865cb
- SHA256
  
  cc93d5cb201a68dd673a5cf55ac97723b226fb670a73df2d29548bf25245c2a4
- SHA512
  
  91ab6da7dcfe8639eb0a9c743e6e10ad6b2b30b5ef99e2b779402983a5485414e84f91539b18b93ff528517402ad24538f3ad929b6a583907b71dca1c631a636
- SSDEEP
  
  1536:94l0gePQLjUDAbY1oCT/n9156ET5B61H7SRIRUnPYG+lB:94l0g5G93/6hRUgt
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral20
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/Qoollo.Turbo.dll
- Size
  
  349KB
- MD5
  
  4e8246df4ee956ec273c4baa2054593c
- SHA1
  
  7847f523fefc14fec2c739c293593b673fb1c9d8
- SHA256
  
  1172732fd0fe6b679f5c6bf750598133dc815622c55ef1fa84087087bf42b495
- SHA512
  
  13398ea46879d533774e7ace1d3320ca60f7220277fcb2393c243ffeadbb5bb37900f87ac35b9eeb134e26e71068874b9eee226853a52d1528d5db761bcf22b7
- SSDEEP
  
  6144:1mTwzRf5EAga3u3IfEMzXCuPAKGJVKCHX:1mqf51TdPAKkD
Score

1^/10
behavioral21
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/Ionic.Zip.dll
- Size
  
  480KB
- MD5
  
  f6933bf7cee0fd6c80cdf207ff15a523
- SHA1
  
  039eeb1169e1defe387c7d4ca4021bce9d11786d
- SHA256
  
  17bb0c9be45289a2be56a5f5a68ec9891d7792b886e0054bc86d57fe84d01c89
- SHA512
  
  88675512daa41e17ce4daf6ca764ccb17cd9633a7c2b7545875089cae60f6918909a947f3b1692d16ec5fa209e18e84bc0ff3594f72c3e677a6cca9f3a70b8d6
- SSDEEP
  
  6144:OhagC/Mq25o9sXGtSV41OJDsTDDVUMle6ZjxLV/kHu4Bht79I9:iagxWS4msNUCe65fkHdBf9
Score

1^/10
behavioral22
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/Launcher.exe
- Size
  
  53KB
- MD5
  
  c6d4c881112022eb30725978ecd7c6ec
- SHA1
  
  ba4f96dc374195d873b3eebdb28b633d9a1c5bf5
- SHA256
  
  0d87b9b141a592711c52e7409ec64de3ab296cddc890be761d9af57cea381b32
- SHA512
  
  3bece10b65dfda69b6defbf50d067a59d1cd1db403547fdf28a4cbc87c4985a4636acfcff8300bd77fb91f2693084634d940a91517c33b5425258835ab990981
- SSDEEP
  
  768:FKtnBTTQi/YqMFlVt52ftDhKeoNzZq8OujxUu5XEAb4b9yvMzUV5:qBTUgYFveDRuFEAb4b99QV5
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral23
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/MetroSuite 2.0.dll
- Size
  
  305KB
- MD5
  
  0d30a398cec0ff006b6ea2b52d11e744
- SHA1
  
  4ceebd9c6180a321c4d4f3cfb5cfc3952bf72b45
- SHA256
  
  8604bf2a1fe2e94dc1ea1fbd0cf54e77303493b93994df48479dc683580aa654
- SHA512
  
  8e06ff131a81e73b1ff5de78262701a11ecc2bcdaf41011f4e96f11c5372742478e70b6a0901b61953c21c95725532af8d785654405ec5066ad157e2143467cc
- SSDEEP
  
  3072:K6J2UBugOAI+yjNDWswy1MNo1EvnvkgvloSVQBjDifX0pPSRZ9KZdf8uvqtXfZBF:K6Jr8xhFzfOaa3xqQnQGTO
Score

1^/10
behavioral24
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/NetCheck.exe
- Size
  
  6.2MB
- MD5
  
  5767a86dedd068e8f14f1570a9052303
- SHA1
  
  ccee276337037c0dbe9d83d96eefb360c5655a03
- SHA256
  
  cc815fcc20a41a0a2bf9c1574518004327ebb889e666d964e095482c5996ef11
- SHA512
  
  9121ae4a5c8a1485e3fc795f4857f2e44fa5a0271ffca747d195b9cde384f1e8f60864f2f4e955b96ecd38a1f6b2bd5acfb21e5ca5769b3f15c0c0d5937b6c3f
- SSDEEP
  
  196608:/ps7wa/hf0+P4aTMf+LZ5PefLEAyfWgJElwjAOER/4Uf/J1MtZkHnbFuRKnbErc/:/ps7h/hf0xNf+LZ5PefLEAyfWgJElwjE
Score

3^/10

discovery
behavioral25
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/Qoollo.Turbo.dll
- Size
  
  349KB
- MD5
  
  4e8246df4ee956ec273c4baa2054593c
- SHA1
  
  7847f523fefc14fec2c739c293593b673fb1c9d8
- SHA256
  
  1172732fd0fe6b679f5c6bf750598133dc815622c55ef1fa84087087bf42b495
- SHA512
  
  13398ea46879d533774e7ace1d3320ca60f7220277fcb2393c243ffeadbb5bb37900f87ac35b9eeb134e26e71068874b9eee226853a52d1528d5db761bcf22b7
- SSDEEP
  
  6144:1mTwzRf5EAga3u3IfEMzXCuPAKGJVKCHX:1mqf51TdPAKkD
Score

1^/10
behavioral26
- Target
  
  Netflix Tools PACK/NetFlix Checker by xRisky v2/debug/chromedriver.exe
- Size
  
  8.2MB
- MD5
  
  467838b0da3380609a468679b0639abc
- SHA1
  
  e3b21daf2e7d9e7f564daca4d6b6a772e78f74a2
- SHA256
  
  282dd0a35f2336e409fc82ebc8649b0f9257c4016af75111ed709ee7c9132ef2
- SHA512
  
  aeb188d37a7184d235c27bc692e255a46e8a6c5d1e48e8b2d1258b0e4d342fe3468671ced9887c3ce2bc7ae71d94f9b25c738cd0742c9135386f20774402cc87
- SSDEEP
  
  98304:uhGs9SiTCiSt0EmrSb9XRPTg7BorV3KeL0E/h14CtsEtZuP:uwMujsSBRPTg7BqVt6OU
Score

1^/10
behavioral27
- Target
  
  Netflix Tools PACK/Netflix Checker v0.2.1/SkinSoft.VisualStyler.dll
- Size
  
  1.0MB
- MD5
  
  69e6563e0e7ea843e9b37d58819f4136
- SHA1
  
  4aebf9955ba0d0b5205b6b013da634aa0281a25d
- SHA256
  
  f9fa9f508b9350ed12ed3aa5b7f24aed901a6434b1b02d1f0ee301b8eea54b06
- SHA512
  
  c883bcb3f6f2ac3f2fe88eed1356178ff2b43bdeed2188aa06f35cbc9dda8745a3a5c2d28d99daae5b6ea9af46abcae45b7bd4da13f318ba31062a8e8b79a942
- SSDEEP
  
  12288:OSVkAXRzNIYqsdMExMDj/iREVGx2G4dZJ25jad4NJQe5rkAf/e5rkp3gN372sx00:ZRz+YqsdMExMDj/iRHx2dJ7Wsx0
Score

1^/10
behavioral28
- Target
  
  Netflix Tools PACK/Netflix Checker v0.2.1/xNet.dll
- Size
  
  116KB
- MD5
  
  3df8d87a482efad957d83819adb3020f
- SHA1
  
  f5b710581355ac5d0de7a36446b93533232144db
- SHA256
  
  2ac175b4d44245ee8e7aee9cc36df86925ef903d8516f20a2c51d84e35f23da4
- SHA512
  
  da28c34a85a6530b1c558fa11b0e71e70710d719cd8ceaf81f954d1fe3927ec139bee6c5f3135425cc5220905240f1a31d831611c46d18f5d52600b607ea59a6
- SSDEEP
  
  3072:NWl4rhAigbJ0c1qnV+xnEd44asVyrVfwN5lTCTh3n3F:NWvigbdqnV+xnEd4zsVyJb
Score

1^/10
behavioral29
- Target
  
  Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/Guna.UI.dll
- Size
  
  876KB
- MD5
  
  6d6a1f28978d42ad2f0a8f278eaac966
- SHA1
  
  b09168ec88109422ca29cf4f1b6462d51930873d
- SHA256
  
  fb23fa4fca8f28bebe7b7e39593a211cd3c3405de5f948ec520e859b1bcaf91e
- SHA512
  
  76ddf88255a9355fc3c781880e23d94206acca4decf5623712411f7a733e91ca9ea37944860401cf9667f10e8c33a087803a4726f91faff1f23e3e0592ddf41d
- SSDEEP
  
  12288:bXlW6JhG2lO8FbG5byJR//uXShuqO3daKScHj/mTnGS:bE6JY2sYS5GJRuHkcHqTnGS
Score

1^/10
behavioral30
- Target
  
  Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/Leaf.xNet.dll
- Size
  
  115KB
- MD5
  
  aabe4f7e8f947171ab334b5cc0a76f7c
- SHA1
  
  83b96de7936466b027e5ba974a563c278478dea7
- SHA256
  
  70670c404f998b71fe5abfb3aa58fcb5302d3940e805ac8927f79b625afab4a8
- SHA512
  
  e81c923c4eea8c00ac07d5a17af6377629d25bb837566f8cb74adfc545d033570a4a9dea8004799880ef05a8ba44de9a2dbdbf7c153050442432abec51d213e2
- SSDEEP
  
  1536:m8ecfUylM/rsvere3RXUmixwjKMD92NuYD9ikvyLm/RVTeyzi3v4rl:m8ecXM/a9EXBNuYxikqLm/RVTPHl
Score

1^/10
behavioral31
- Target
  
  Netflix Tools PACK/Netflix Checker v1 by Sh4lltear/Netflix Checker v1 by Sh4lltear.exe
- Size
  
  436KB
- MD5
  
  b029aba0478c2e4952b8d8d47a8254c2
- SHA1
  
  768a49d63fb3276d5084acafacb51c920c84c06f
- SHA256
  
  d507efaba5a96790221f25aadbe81d1a26ef94019b39cb7584ff54e06d6b8b68
- SHA512
  
  e1c09cf6c9fd854cf830fdcaf8828332e357dbd66dd3498ab16aa0b6c8a532bde3c3c9a1b1ba35b9096a66f2a9a0b9cfa8f158fcd4c0c25f2a53aca6a1c024d8
- SSDEEP
  
  3072:e4lJ7LQ666C66G666i666o666y666B66c666G66f666+666u6669p666366o6663:e6J7gXtwJ3xjpfVKWMy
Score

8^/10

discovery execution persistence
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
  persistence
behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Njrat family

njRAT/Bladabindi

Command and Scripting Interpreter: PowerShell

Modifies Windows Firewall

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Njrat family

njRAT/Bladabindi

Modifies Windows Firewall

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

Command and Scripting Interpreter: PowerShell

Checks computer location settings

Drops startup file

Executes dropped EXE

Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27