MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 221c9baeadb9db299900f69c50fb086bd65d3079c59a7d2e09d6a4cb9cab87aa. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Signature: NetSupport
Vendor detections: 7

SHA256 hash: 221c9baeadb9db299900f69c50fb086bd65d3079c59a7d2e09d6a4cb9cab87aa
SHA3-384 hash: c521858edfacf568e7e1533c02865cf7c9f52942c368c9a1f6366d473b09190812aafff3ae54889c8afe17d12e7a5486
SHA1 hash: bc1894ef2a79368d8db303354d49c21cc7b20cc8
MD5 hash: 4890239e749f98c54fb1bcbddc46f00f
humanhash: victor-eight-solar-oxygen
File name: readme.ps1
Signature: NetSupport
File size: 3'296 bytes
First seen: 2023-06-14 08:48:00 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 48:/jpR02qj5dR1KSF4FhPEuPXbJ4PJSE8vIPqN9WWOOsYeM366n4+RAVEgYJc4cJe:deP5oKmEgIPqN9W7OsYeS6UsVEgSJ
Threatray: 253 similar samples on MalwareBazaar
TLSH: T1FE611A935F49A295C3B3FFE2C9C668C8647C964B80AF30A052DC914D79A41E967CF111
Reporter: JAMESWT_WT
Tags: NetSupport norominis1-com norominis2-com ps1

Intelligence

File Origin
Number of uploads: 1
Number of downloads: 163
Origin country: IT

Vendor Threat Intelligence
Verdict: Likely Malicious
Threat level: 7.5/10
Confidence: 100%
Tags: anti-debug anti-vm cmd.exe control.exe cscript.exe evasive explorer.exe fingerprint greyware hacktool keylogger lolbin packed shdocvw.dll shell32.dll wscript.exe

Result
Verdict: UNKNOWN

Result
Threat name: NetSupport RAT
Detection: malicious
Classification: troj.evad
Score: 68 / 100
Signature:
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Powershell drops PE file
Sigma detected: Powershell drops NetSupport RAT client

Result
Malware family: netsupport
Score: 10/10
Tags: family:netsupport persistence rat
Behaviour:
Download via BitsAdmin
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Adds Run key to start application
Executes dropped EXE
Loads dropped DLL
Malware Config (NetSupport)
Dropper Extraction:
http://navitainer.net/4th.zip
http://YOUR.LINK/files/

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments