MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetSupport


Vendor detections: 8


Intelligence 8 IOCs YARA 3 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0
SHA3-384 hash: b54006cfdcbdaccf47f15e2fce5d41eff0ce907bcbd09161ed8f2f8d8993b9a76bf842a534e494c2b8b5cd75a5272ea7
SHA1 hash: faf4c99c8809ceb5b3f43dd7ba4600a4e70cae85
MD5 hash: b5cfeae5173f2abf3bbb7cdb5fd31a38
humanhash: avocado-helium-idaho-fruit
File name:SPAM.zip
Download: download sample
Signature NetSupport
Create hunting rule
File size:17'179 bytes
First seen:2025-12-09 07:46:38 UTC
Last seen:Never
File type: zip
MIME type:application/zip
ssdeep 384:XsCYEe35gfQDnNQ1lYOYWY9Z1TeghW2Joevrc4O/1jAt:cCYZJgyNQ1WVj1bhZzgct
TLSH T12472C036F308699BC4E5C43A1DFD354652F2C81D22B6739C7522C108A57AFB680EF60B
Magika zip
Reporter JAMESWT_WT
Tags:client32 growthcatalystes-com LIC NetSupport operationalexcellenceus-com zip

Intelligence

File Origin
# of uploads :
1
# of downloads :
126
Origin country :
IT IT
File Archive Information

This file archive contains 3 file(s), sorted by their relevance:

File name:client32.ini
File size:930 bytes
SHA256 hash: e17c29c1796b3d5d2a5cb3f12261230d05e4bfc6df0003b76103b9b591fdb8f8
MD5 hash: cd4f187c7c97457b71ad80fd82f07175
MIME type:text/plain
Signature NetSupport
File name:NSM.LIC
File size:253 bytes
SHA256 hash: 83a6feb6304effcd258129e5d46f484e4c34c1cce1ea0c32a94a89283ccd24f9
MD5 hash: 14ca8f4ee0dd828ecfd0c566dce00f06
MIME type:text/plain
Signature NetSupport
File name:client32.exe
File size:107'384 bytes
SHA256 hash: 168f1b974b31df0889e6dbe75f0fe8486cf932d72f0d6ad8348c97a2e537a738
MD5 hash: 8bdcbba121984169948dfd09c629d6ae
MIME type:application/x-dosexec
Signature NetSupport
Vendor Threat Intelligence
Details
Link:
https://research.acce.ciphertechsolutions.com/results/9216ecfe-464c-46d6-956a-37da5e105a43/
Detection(s):
PUA.Win.Tool.NetSupport-10022498-8
Create hunting rule

Verdict:
Clean
Score:
89.1%
Link:
https://cyber-fortress.com/docs/result/index.php?id=6937d403db58e1a2c22ba7e4
Tags:
n/a
Result
Verdict:
Unknown
File Type:
PE File
Link:
https://app.docguard.net/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0/results/dashboard
Verdict:
Suspicious
Threat level:
  5/10
Confidence:
100%
Tags:
expired-cert microsoft_visual_cc netsupport packed remoteadmin signed
Link:
https://www.filescan.io/uploads/6937d400bba50eaf0428f139/reports/0619d500-4a3e-4369-b365-d40d4824e570/overview
Verdict:
Unknown
Link:
https://www.hybrid-analysis.com/sample/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0
Result
Verdict:
MALICIOUS
Link:
https://labs.inquest.net/dfi/sha256/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
zip
First seen:
2025-12-09T08:58:00Z UTC
Last seen:
2025-12-09T09:16:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0/results?tab=lookup
Score:
68%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0
Verdict:
inconclusive
YARA:
3 match(es)
Tags:
Executable PDB Path PE (Portable Executable) PE File Layout Zip Archive
Link:
https://app.malva.re/file/b5cfeae5173f2abf3bbb7cdb5fd31a38
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-12-09 07:47:18 UTC
File Type:
Binary (Archive)
Extracted files:
20
AV detection:
10 of 24 (41.67%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=qd67whcp5o5iwveuzwixyynoomg74jz4gkyugslrvxrf2zucc3aa._file
Result
Malware family:
n/a
Score:
  3/10
Tags:
discovery
Link:
https://tria.ge/reports/251209-n3k45swmez/
Behaviour
System Location Discovery: System Language Discovery
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
Legit
Score:
0.15
Link:
https://yomi.yoroi.company/submissions/80fdfb1c4febba8b5494cd917c61ae730dfe273c32b1434971ade25d668216c0

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:ach_NetSupportRAT_Config
Create hunting rule
Author:abuse.ch
Rule name:MALWARE_Win_NetSupport
Create hunting rule
Author:ditekSHen
Description:Detects NetSupport client
Rule name:PE_Digital_Certificate
Create hunting rule
Author:albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Comments