MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8809e20fcea490d4ae97f43cac27f0c700c15db1b85da37b9a47d9e225e763c4. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



NetSupport


Vendor detections: 9



SHA256 hash: 8809e20fcea490d4ae97f43cac27f0c700c15db1b85da37b9a47d9e225e763c4
SHA3-384 hash: 8c2ed60a4ac9ae3fbc4680f1cbc90433aa7a878f668dd2184d6d0acf0e2418413dc28bbea4d702ebe5e046ad93c6951e
SHA1 hash: c74027e410a7e0d1b12d4355360dcaafe5ec786d
MD5 hash: 25e370cdfdbfce1337435c707f506425
humanhash: fanta-fourteen-bacon-march
File name: residentchattingps1
Signature: NetSupport
File size: 5'393'159 bytes
First seen: 2026-03-16 09:00:49 UTC
Last seen: Never
File type: PowerShell (PS) ps1
MIME type: text/plain
ssdeep: 49152:VLY8R5lE8ZU0Z97+78zB9W8UP60wVO8Hx5w89jC8YI8Eh81y28yN8v8uO828MI83:o
TLSH: T1DB4692D97AC413F09929ABDC824374CD0395A17E6FBB584D02E448BE3D1AE1766E0CBD
Magika: powershell
Reporter: JAMESWT_WT
Tags: 91-219-23-145 aff-shrd-rt-in-net NetSupport ps1

Indicators Of Compromise (IOCs)


Below is a list of indicators of compromise (IOCs) associated with this malware sample.

IOC: 89.124.75.72:443
ThreatFox Reference: https://threatfox.abuse.ch/ioc/1767941/

Intelligence


File Origin
# of uploads: 1
# of downloads: 62
Origin country: IT
Vendor Threat Intelligence

No detections

Verdict: Malicious
Score: 70%
Tags: malware

Verdict: Malicious
Threat level: 10/10
Confidence: 100%
Tags: crypt emmenhtal evasive obfuscated powershell

Gathering data

Threat name: Win32.Trojan.Alevaul
Status: Malicious
First seen: 2026-03-03 00:07:28 UTC
File Type: Text (PowerShell)
AV detection: 5 of 24 (20.83%)
Threat level: 5/5

Result
Malware family: netsupport
Score: 10/10
Tags: family:netsupport discovery execution rat
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: PowerShell
Executes dropped EXE
Loads dropped DLL
Badlisted process makes network request
NetSupport
Netsupport family
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.
