These browsers are supported: Chrome, Edge, Brave, Yandex, OperaGX, Vivaldi.
FILELESS - deletes the file when it's done; no malware on disk at all, but it will drop artifacts to disk from CefSharp and copy user data. These are legit files, not malware.
Connection - TCP (ip:port) / HTTP (upload a .php somewhere)
AntiVM - detects VMs.
AntiAnalysis - detects containers, analysis-related processes running, or whether it's being debugged.
Jitter - the higher you set this, the more it delays execution and the more memory and CPU it uses, so don't set it too high.
Delay until user is idle ("appropriated" from smelly's personal website)
Detect clean machine - this is useful to detect a VM when they're trying to hide the fact that it's a VM. Detects if there are too few folders/files in certain places, recent files, installed apps, reg items etc. and self-destructs if so. It also checks if common programs are installed or common processes that would usually be running are running; if not, it will delay exec. So this is useful, but in rare cases it might falsely self-destruct even on a real machine.
Persistence, run on startup - WMI, Schtasks, RegRun, SpecialFolders and StartupApproved (this last one is NOT FILELESS!)
FileType - .exe (self-contained .NET), .lnk (smartscreen bypass), .cpl (smartscreen bypass if run from inside an archive), .bat, .dll (.NET), .dll (native, so you can also DLL side-load native programs).
Selecting a custom icon only works with the .exe; contact me if you want instructions on putting an icon on the .lnk.
Password lock - asks the user for a password before exec.
MsgBox - show a fake msgbox after exec to distract the user.
Binder - bind with another file, the other file will open to distract the user.
Pump file - change the file size; it will check whether the file size is correct and self-destruct if not.
Melt (enabled by default) - self-destruct; it does not copy itself anywhere else. Works with all persistence methods except StartupApproved.
Undetected, for how long? I don't know; pay me more money if you want a private stub (politely). You can also just run it from memory / crypt it easily.
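For the defender's side of the persistence list above (WMI, Schtasks, RegRun, SpecialFolders, StartupApproved), here is an added audit script that is not part of the original post or the tool: it enumerates each of those autostart locations on a Windows host so the entries can be reviewed. It uses only standard Windows paths and WMI class names; the StartupApproved byte interpretation (0x02 enabled, 0x03 disabled) is the commonly documented one.

```powershell
# Added example, not part of the original post: enumerate the Windows autostart
# locations named above (WMI, Schtasks, RegRun, SpecialFolders, StartupApproved)
# so a defender can audit a host. Paths and class names are standard Windows ones.
function Get-AutostartInventory {
    $items = New-Object System.Collections.Generic.List[object]
    function Add-Item($src, $name, $val) { $items.Add([pscustomobject]@{ Source=$src; Name=$name; Value=$val }) }
    # 1. WMI permanent event subscriptions: a filter bound to a consumer survives reboots
    Get-CimInstance -Namespace root\subscription -ClassName __FilterToConsumerBinding -ErrorAction SilentlyContinue |
        ForEach-Object { Add-Item 'WMI' "$($_.Filter)" "$($_.Consumer)" }

    # 2. Scheduled tasks outside the Microsoft tree, with the command each one runs
    Get-ScheduledTask -ErrorAction SilentlyContinue | Where-Object { $_.TaskPath -notlike '\Microsoft\*' } |
        ForEach-Object {
            $cmd = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)" }) -join '; '
            Add-Item 'Schtasks' "$($_.TaskPath)$($_.TaskName)" $cmd
        }

    # 3. Run / RunOnce keys for the machine and the current user
    foreach ($hive in 'HKLM', 'HKCU') {
        foreach ($sub in 'Run', 'RunOnce') {
            $key = "${hive}:\Software\Microsoft\Windows\CurrentVersion\$sub"
            if (-not (Test-Path $key)) { continue }
            (Get-ItemProperty -Path $key).PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS' } |
                ForEach-Object { Add-Item 'RegRun' "$key\$($_.Name)" $_.Value }
        }
    }

    # 4. Per-user and all-users Startup folders (the "SpecialFolders" method)
    foreach ($f in [Environment]::GetFolderPath('Startup'), [Environment]::GetFolderPath('CommonStartup')) {
        Get-ChildItem -Path $f -Force -ErrorAction SilentlyContinue |
            ForEach-Object { Add-Item 'SpecialFolders' $_.Name $_.FullName }
    }

    # 5. StartupApproved: Explorer's on-disk record of which autostarts are enabled.
    #    First byte of the binary value is 0x02 when enabled, 0x03 when disabled.
    $sa = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved'
    Get-ChildItem -Path $sa -ErrorAction SilentlyContinue | ForEach-Object {
        $sub = $_.PSChildName
        (Get-ItemProperty -Path $_.PSPath).PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS' } |
            ForEach-Object {
                $state = if ($_.Value[0] -eq 2) { 'enabled' } else { 'disabled' }
                Add-Item 'StartupApproved' "$sub\$($_.Name)" $state
            }
    }
    return $items
}
Get-AutostartInventory | Format-Table -AutoSize
```

Run it in an elevated PowerShell session so the HKLM keys and the root\subscription namespace are readable; compare the output against a known-good baseline of the same host.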
Other notes:
You can modify the build name from the config file, not the builder.
There is an "isIdle" check, which will check if the user is idle (no idea why I included this, I just kinda felt like it; using the hidden browser won't slow down their PC).
A basic reverse shell & file stealer are included; the file stealer will grab files with interesting names, and you can change these names to target the files you'd like in the config file, not the builder.
You can make it get the ip:port or the link to the .php from a URL, so you can update it and keep your clients.
It will silently install the .NET 8 runtime (needed for filelessness).
Sorry for the bad ui :P
Contact(Tox): BD25FB41D99E9CB59F6F02941E5734EB5B1F21F16687A5A6A2192FC445023537636E55B6C6F7