MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 712b356dc0f2e2737ff23955c25dd50b9d2511ba258c064798f4f118d6746dc9. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetSupport


Vendor detections: 9



SHA256 hash: 712b356dc0f2e2737ff23955c25dd50b9d2511ba258c064798f4f118d6746dc9
SHA3-384 hash: 8c7b0c58d06414111331690f87ea0bef4e025f3583f506bd47c834217153f2081cc2d01231b69c49fdc178e6bd0d295f
SHA1 hash: 04c89d38e7211338d791ba1f3dfe3a2d3f1d224f
MD5 hash: bc1ff0c690adba9e88a2a126f08260d5
humanhash: october-nuts-xray-march
File name: ps.ps1
Signature: NetSupport
File size: 55 bytes
First seen: 2025-12-23 07:24:44 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 3:VSJJFIShhwdF65IFeVnykmn:s8SnSFUcF
TLSH: T16E900260145066695A19863AD16455202412198A877818B7A11951850846969C210E88
Magika: batch
Reporter: JAMESWT_WT
Tags: 185-39-19-95 77-90-60-32 accountspagemain-com booking NetSupport ps1 rentalsmcx-com



Intelligence


File Origin
# of uploads: 1
# of downloads: 40
Origin country: IT
Vendor Threat Intelligence
No detections
Verdict: Malicious
Score: 81.4%
Tags: shell agent sage
Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: base64 powershell powershell powershell
Verdict: Malicious
File Type: ps1
First seen: 2025-12-23T04:55:00Z UTC
Last seen: 2025-12-23T12:48:00Z UTC
Hits: ~100
Detections: Trojan-Downloader.Win32.Paph.b PDM:Trojan.Win32.Generic Trojan-Downloader.Agent.HTTP.C&C Backdoor.RABased.HTTP.C&C Trojan.Win32.Agent.sb Trojan.PowerShell.Agent.sb NetTool.PowerShellUA.HTTP.C&C NetTool.PowerShellGet.HTTP.C&C RemoteAdmin.NetSup.UDP.C&C RemoteAdmin.NetSup.HTTP.C&C
Gathering data
Result
Malware family: n/a
Score: 10/10
Tags: execution
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Badlisted process makes network request
Command and Scripting Interpreter: PowerShell
Malware Config
Dropper Extraction: http://77.90.60.32/y.GRE
Malware family: NetSupport
Verdict: Malicious
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
