MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetSupport

Vendor detections: 5

Intelligence 5 IOCs YARA 1 File information Comments

SHA256 hash:	4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2
SHA3-384 hash:	c67471fef36a0ff043c941856e345c860970a46e571de155158724ea507877ff17d55d2d58e95422ce8494e47a2cc948
SHA1 hash:	d002071bd7dbe9ef91a843b87a56c156837015f1
MD5 hash:	610e029cb014dcec9c079ca11020c333
humanhash:	angel-illinois-oven-minnesota
File name:	Update_8231405.msix
Download:	download sample
Signature	NetSupport Create hunting rule
File size:	7'435'289 bytes
First seen:	2024-07-09 06:38:17 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	196608:k0FNypANIDCD/h1KHhEDp3XMLoW+GJ7wfxnVpwE0aCgY:k0O+X/mHhi3X4JsfxnVpwT9
TLSH	T16C7633E90E103A98FB840C7588E935C5E2C0E681967598FDB2F46B8F9467643C397CE7
TrID	84.1% (.MSIX) MSIX Windows app package (26500/1/3) 12.6% (.ZIP) ZIP compressed archive (4000/1) 3.1% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	MalasadaTech
Tags:	45-11-59-217 LandUpdate808 msix NetSupport signed

Code Signing Certificate

Organisation:	Laks Tech Limited
Issuer:	SSL.com Code Signing Intermediate CA RSA R1
Algorithm:	sha256WithRSAEncryption
Valid from:	2024-07-03T04:04:23Z
Valid to:	2025-07-03T04:04:23Z
Serial number:	15d82b35761fe064df2bc72c62d69a04
Cert Graveyard Blocklist:	This certificate is on the Cert Graveyard blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	639d19f70918c0d1ffd2938219b26b203939c04948b3c785146d033d0516f6ba
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

MalasadaTech

bretagne-balades[.]com/wp-includes/css/539.php (Update_#######.msix)
-->
45[.]11.59.217:443 (NetSupport, NSM301071)

4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2 Update_#######.msix

Intelligence

File Origin

# of uploads :

# of downloads :

586

Origin country :

File Archive Information

This file archive contains 36 file(s), sorted by their relevance:

File name:	7-ZipEng.hlf
File size:	2'366 bytes
SHA256 hash:	bd47a48183384d5f1d1d4a3ba357abe1464c567c84f8bc75ced56b81c99e1fe4
MD5 hash:	4d6f189cbb89bda3d202e72d3a6460ec
MIME type:	text/plain
Signature	NetSupport

File name:	AppxManifest.xml
File size:	2'238 bytes
SHA256 hash:	1a8efbda736262fad84cce5cc3b2aab8c2a87d0ff3e1d6fb5497cc23e46ba3b5
MD5 hash:	47376118e6365b36667e77c8982c69e2
MIME type:	text/xml
Signature	NetSupport

File name:	7-ZipFar.dll
File size:	280'064 bytes
SHA256 hash:	8e6d2b5bdfc4c1d3b88643a47aa13ab15005039456a7d4ebb078a42568a341b4
MD5 hash:	d04533fdbb455465721f437a2d849b8b
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	7za.dll
File size:	411'648 bytes
SHA256 hash:	583f67ca7b7301f5524fda8405afcb1d38b481556799d80a633978024577ebab
MD5 hash:	967497e77171ac87ce0d9a306a7702b5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	[Content_Types].xml
File size:	1'197 bytes
SHA256 hash:	139c0b772db4e25e0f78cbb23ad361ed177fa2aa4db98bc034edec7cbbc27e06
MD5 hash:	70111c27f9e56191c52aec0b9f1bad19
MIME type:	text/xml
Signature	NetSupport

File name:	AppxSignature.p7x
File size:	8'222 bytes
SHA256 hash:	070ced306fb7bf73754a6cefb979a14682b8930385305a483bae2d94baed3eee
MD5 hash:	390a5f8b13c906bc6ef9a7d69e44009b
MIME type:	application/octet-stream
Signature	NetSupport

File name:	PsfRuntime32.dll
File size:	376'864 bytes
SHA256 hash:	11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a
MD5 hash:	a9f0eeb621dd5883258113cc4b490929
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	StartingScriptWrapper.ps1
File size:	14'990 bytes
SHA256 hash:	7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98
MD5 hash:	da5bf3010154020db9db4cf8832b42ea
MIME type:	text/plain
Signature	NetSupport

File name:	GoogleChrome2.7z
File size:	1'510'794 bytes
SHA256 hash:	3ec04b5c60939209c5d19dd525e53425aef8803d242d9ad63346445ebe09398c
MD5 hash:	99732fb703c4d1e51ddabde2c96975e8
MIME type:	application/x-7z-compressed
Signature	NetSupport

File name:	User.dat
File size:	20'480 bytes
SHA256 hash:	19547995d74a49ae1ae4a19b077226affcc08c0bf3f8919fcb264c17b56484b9
MD5 hash:	2eee5661cc497bb03785fe16d59fb4bd
MIME type:	application/octet-stream
Signature	NetSupport

File name:	config.json
File size:	372 bytes
SHA256 hash:	90435871a96f16886bf1eae664921169fa77d91572d0fbec6a9338ba467a9ed0
MD5 hash:	35ebf7067f9458f7a7e4c18d300bcb16
MIME type:	application/json
Signature	NetSupport

File name:	PsfLauncher64.exe
File size:	379'312 bytes
SHA256 hash:	338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea
MD5 hash:	bfcb4275530e99a5e3fca4614a645fb5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	7-ZipRus.hlf
File size:	2'191 bytes
SHA256 hash:	5f78f1ad25860ef28fe3b73f915e357035176dc91b7013c554e5f8d1cab1cee0
MD5 hash:	b3c605a5aebda78e12e39fc873470d04
MIME type:	text/plain
Signature	NetSupport

File name:	PsfRuntime64.dll
File size:	478'752 bytes
SHA256 hash:	495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e
MD5 hash:	61863b4c1aeefe10d69f54c03d373fd5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	far7z.txt
File size:	2'687 bytes
SHA256 hash:	b4039132a22acc7f05eb48152ccb01c54c603addb121918996c8356912404008
MD5 hash:	7b2d14f1cd85dcdf098cf909749c48a8
MIME type:	text/plain
Signature	NetSupport

File name:	history.txt
File size:	11'606 bytes
SHA256 hash:	382dfb627c44831e17ab9c5b2680a264afdd43600d074ee27734a12f742717a9
MD5 hash:	adad8b0e892b4be1518445ddfa0fc8dc
MIME type:	text/plain
Signature	NetSupport

File name:	Registry.dat
File size:	49'152 bytes
SHA256 hash:	ad25a76a2380268d149de93f8e4258672e5800ac70653ddc2721ef4fc68743a7
MD5 hash:	7de5c1b82bc573bb560735963bcc6386
MIME type:	application/octet-stream
Signature	NetSupport

File name:	7-ZipFar64.dll
File size:	468'992 bytes
SHA256 hash:	05c932f7c7391ba29b3dec39a7e273a9b51f1c6bd75b0aa942c08e1fa91dced8
MD5 hash:	f8c737ca365dbbae5e0010e75bd641b3
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	AppxBlockMap.xml
File size:	19'325 bytes
SHA256 hash:	33122e2cb8aeef066b0e6e94ef5fd03481abbf43e6565f56cf41d7c798821ca8
MD5 hash:	111c067e2b49b35d26f7f5dae065a27e
MIME type:	text/xml
Signature	NetSupport

File name:	7zxa.dll
File size:	216'064 bytes
SHA256 hash:	7454cd03cfa197b979cb62360f69143a48a8be86227f06538c546a70a14cde2c
MD5 hash:	5eab00f912824ebdc5aa47ebe863b63e
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	7-ZipRus.lng
File size:	3'214 bytes
SHA256 hash:	69e005acb0215a3cecf960eb180af0079533b46b8bd5a30e7ca1c4dc23ce5ab8
MD5 hash:	8c389a621e0786a41c8619b02d70b005
MIME type:	text/plain
Signature	NetSupport

File name:	Documents3.7z
File size:	1'511'042 bytes
SHA256 hash:	f4ee953eea174cd6667a7c956a386d496725dc4c80d488737cd903d3b28bbf3e
MD5 hash:	ad52327dc629862b37f6d76a4e294471
MIME type:	application/x-7z-compressed
Signature	NetSupport

File name:	logo.png
File size:	7'036 bytes
SHA256 hash:	9e854f2c7c2292f777ffabf0c249b9a73a397ae8cc9eebfb0c8f45a1d0e561a8
MD5 hash:	1158b5f0e72df493bc87c4c358f86abe
MIME type:	image/jpeg
Signature	NetSupport

File name:	far7z.reg
File size:	3'065 bytes
SHA256 hash:	cab398fb2e704a8d6eb486ded87b57375414c4eba9df6f05333d041033ab1968
MD5 hash:	6f60a13b4574fcdc675d21054499b85d
MIME type:	text/x-ms-regedit
Signature	NetSupport

File name:	PsfRunDll32.exe
File size:	95'152 bytes
SHA256 hash:	324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2
MD5 hash:	96376177175a1b23a95c6498e9ffb2b5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	CodeIntegrity.cat
File size:	11'804 bytes
SHA256 hash:	28c03e54cdba4e4537b3aba6292639ae56e051a7f3d70146e20e928d5ea353ed
MD5 hash:	1d1e26745958f1a6d0b2da1b6ed34774
MIME type:	application/octet-stream
Signature	NetSupport

File name:	License.txt
File size:	5'236 bytes
SHA256 hash:	d34a018bd862e4eb96d5995a06b7d922b32f37f3006a647b488e07dfbca18895
MD5 hash:	8cd6549be1b079383db37b8c1f0809bc
MIME type:	text/plain
Signature	NetSupport

File name:	7-ZipEng.lng
File size:	3'110 bytes
SHA256 hash:	02b06a71d9c7442724eeeacf3683d015b3b868b1df098c2ba4667b9a2d0f8a21
MD5 hash:	3162638b475f8674db5ad3c2af15d2ed
MIME type:	text/plain
Signature	NetSupport

File name:	PsfLauncher32.exe
File size:	309'680 bytes
SHA256 hash:	312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004
MD5 hash:	e005414b82df848717581bd260725b02
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	25.exe
File size:	846'336 bytes
SHA256 hash:	bf2ec1a2ea0242a24bb9c5b7bcaee3f335edcc384aabd07bbfe93e74888cb26c
MD5 hash:	e58073e04563ee374ac9d33d64292b12
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	7za.exe
File size:	1'319'936 bytes
SHA256 hash:	199c64ad672453e98d86ad2c4ea88212eafd6f7c4070dfcb7609ab7a9bd5df11
MD5 hash:	33aaf6621cc4b441c335327c1e02a952
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	readme.txt
File size:	4'446 bytes
SHA256 hash:	e433f4361ab01cb33099b4b721012db1460ec6767276cc6f3629b2d22e9df043
MD5 hash:	c46bfaa3cacec7aa8cf1725c95cecddf
MIME type:	text/plain
Signature	NetSupport

File name:	7zToFar.ini
File size:	2'814 bytes
SHA256 hash:	483a1db874153ac9f2a1098a5ac6c05676940f90af4f8e9c903d6fc13848a118
MD5 hash:	a7656301a8349c626452ea76cac9fa33
MIME type:	application/x-wine-extension-ini
Signature	NetSupport

File name:	Resources.pri
File size:	5'176 bytes
SHA256 hash:	ae0e328618800983358b154262102ea2e73823108d7f86c62a37dc91377f5df3
MD5 hash:	ce102c4b1736bf61f34e14f0173fee89
MIME type:	application/octet-stream
Signature	NetSupport

File name:	iefbugpaeitgbpietu.ps1
File size:	561 bytes
SHA256 hash:	2bd6b5cbeddab8b01e14ed4c073afdbd4316340aada77e3e55ba5e1af21652f7
MD5 hash:	3a0ef7cf40cc50d47cb956fce8baa456
MIME type:	text/plain
Signature	NetSupport

File name:	PsfRunDll64.exe
File size:	118'704 bytes
SHA256 hash:	b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
MD5 hash:	8466f69926a22670dcf6515a4fc3c054
MIME type:	application/x-dosexec
Signature	NetSupport

Vendor Threat Intelligence

Verdict:

Suspicious

Score:

50%

Link:

https://cyber-fortress.com/docs/result/index.php?id=66843d6b251d4687fe42f28dwin7simulatehigh_evasion

Tags:

Other Stealth

Verdict:

Likely Malicious

Threat level:

7.5/10

Confidence:

100%

Tags:

fingerprint masquerade packed

Link:

https://www.filescan.io/uploads/668cdb09bb965284a1c5c888/reports/f481f1fe-c162-4c81-a6e5-1c0f81eef62e/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2

Result

Verdict:

MALICIOUS

Link:

https://labs.inquest.net/dfi/sha256/4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2/

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=jqxy73hno5upovvmpvh2mm5qr7lb6c5btdegb6spccj55w7qmdja._file

Result

Malware family:

n/a

Score:

10/10

Tags:

execution

Link:

https://tria.ge/reports/240709-hzkfjsvblb/

Malware Config

Dropper Extraction:

https://www.google.com/chrome/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	msix_file Create hunting rule
Author:	Stuart Gonzalez
Description:	Detection for .msix files

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

NetSupport

zip 4c2f8feced7768f756ac7d4fa633b08fd61f0ba198c860fa4f1093dedbf060d2

(this sample)

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample