MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 314d1398b1b0d13f4bb3211439eab49074f939b48aa5169c7371de2aaf1c8b69. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetSupport


Vendor detections: 9



SHA256 hash: 314d1398b1b0d13f4bb3211439eab49074f939b48aa5169c7371de2aaf1c8b69
SHA3-384 hash: 1a0164d16f93600fb230e073155b9750ce835b9fcf8bd55f313bf56edf8fdb4c8351a243205f8e94d946f84a7992b0eb
SHA1 hash: fbef6727db273f4e1c61033d9d94c738e780e686
MD5 hash: 2e68197895c39013344bbd70d10585e6
humanhash: blue-edward-orange-oregon
File name: deceit-freebie.ps1
Signature: NetSupport
File size: 5'384'530 bytes
First seen: 2026-03-16 09:00:37 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 49152:VLY8R5lE8ZU0Z97+78zB9W8UP60wVO8Hx5w89jC8YI8Eh81y28yN8v8uO828MI8L:W
TLSH: T1DD4691D97AC413F09929ABDC824374CD0395A17E6FBB584D02E448BE3D1AE1726E4CBD
Magika: powershell
Reporter: JAMESWT_WT
Tags: 91-219-23-145 NetSupport ps1 t-rpl-mrg-node-in-net

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 46.151.25.175:443
ThreatFox Reference: https://threatfox.abuse.ch/ioc/1767940/

Intelligence


File Origin
# of uploads: 1
# of downloads: 91
Origin country: IT
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 70%
Tags: malware
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: crypt emmenhtal evasive obfuscated powershell
Gathering data
Threat name: Win32.Trojan.Alevaul
Status: Malicious
First seen: 2026-02-17 16:11:42 UTC
File Type: Text (PowerShell)
AV detection: 7 of 24 (29.17%)
Threat level: 5/5
Result
Malware family: netsupport
Score: 10/10
Tags: family:netsupport discovery execution rat
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Command and Scripting Interpreter: PowerShell
System Location Discovery: System Language Discovery
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
NetSupport
Netsupport family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
