MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


NetSupport


Vendor detections: 11


Intelligence 11 IOCs YARA 5 File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039
SHA3-384 hash: b29ac72035e9155f712a4f962b3d48b059a90625098d68afea91727b2cbd20c3855eab0fc5d7913a6cd2bc10d9fc21b5
SHA1 hash: 4194fef9a448c751649073fc3e9ca6d313ec3fa2
MD5 hash: 623d3417aa324158b7020f5af5c46ce7
humanhash: west-virginia-helium-potato
File name:adaptive.msi
Download: download sample
Signature NetSupport
Create hunting rule
File size:5'271'552 bytes
First seen:2025-09-19 16:22:53 UTC
Last seen:Never
File type:Microsoft Software Installer (MSI) msi
MIME type:application/x-msi
ssdeep 98304:IpuQnrt2QnumPHIRSKouXCkpQ7VWIQrPMfPMPA69Zxj:iuQnJ2HAHIFouXCkpQ7VWIQTCOAIr
TLSH T15C36C01179AE8536D61F0171EA29FE1AF52EADE30B6144D792E8FC8B95304C36235F83
TrID 80.0% (.MSI) Microsoft Windows Installer (454500/1/170)
10.7% (.MST) Windows SDK Setup Transform script (61000/1/5)
7.8% (.MSP) Windows Installer Patch (44509/10/5)
1.4% (.) Generic OLE2 / Multistream Compound (8000/1)
Magika msi
Reporter JAMESWT_WT
Tags:141-98-11-224 bucket-aws-s2-com deep-seekv2-com msi NetSupport

Intelligence

File Origin
# of uploads :
1
# of downloads :
181
Origin country :
IT IT
Vendor Threat Intelligence
Detection:
n/a
Link:
https://www.capesandbox.com/analysis/28362/
Verdict:
Malicious
Score:
70%
Link:
https://cyber-fortress.com/docs/result/index.php?id=68cd8398246a2631bd312076
Tags:
shellcode dropper virus
Verdict:
Likely Malicious
Threat level:
  7.5/10
Confidence:
100%
Tags:
anti-vm cmd evasive fingerprint lolbin obfuscated remote threat wix
Link:
https://www.filescan.io/uploads/68cd8399f224aeb809c8fcfe/reports/80e6a468-e1d5-459b-b34d-84a630de8918/overview
Verdict:
Malicious
Link:
https://www.hybrid-analysis.com/sample/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039
Result
Verdict:
UNKNOWN
Link:
https://labs.inquest.net/dfi/sha256/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039
Details
Windows PE Executable
Found a Windows Portable Executable (PE) binary. Depending on context, the presence of a binary is suspicious or malicious.
Verdict:
Malicious
File Type:
msi
First seen:
2025-07-22T17:29:00Z UTC
Last seen:
2025-07-22T17:29:00Z UTC
Hits:
~10
Link:
https://opentip.kaspersky.com/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039/results?tab=lookup
Score:
31%
Verdict:
Susipicious
File Type:
ARCHIVE
Link:
https://malprob.io/report/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039
Verdict:
inconclusive
YARA:
6 match(es)
Tags:
CAB:COMPRESSION:MSZIP Executable Office Document PDB Path PE (Portable Executable) PE File Layout SVG
Link:
https://app.malva.re/file/623d3417aa324158b7020f5af5c46ce7
Detection:
n/a
Link:
https://mwdb.cert.pl/sample/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039/
Threat name:
Win32.Trojan.Generic
Create hunting rule
Status:
Suspicious
First seen:
2025-07-30 14:08:40 UTC
File Type:
Binary (Archive)
Extracted files:
497
AV detection:
11 of 24 (45.83%)
Threat level:
  5/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=rl5u3tjvots2ofxhlj32dtg7tyr6nib6dankni7mxg45hdu2ua4q._file
Result
Malware family:
netsupport
Create hunting rule
Score:
  10/10
Tags:
family:netsupport discovery persistence privilege_escalation rat
Link:
https://tria.ge/reports/250919-tv5rgawjt3/
Behaviour
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Event Triggered Execution: Installer Packages
System Location Discovery: System Language Discovery
Drops file in Windows directory
Executes dropped EXE
Loads dropped DLL
Enumerates connected drives
Drops startup file
NetSupport
Netsupport family
Verdict:
Suspicious
Tags:
n/a
YARA:
n/a
Link:
https://app.threat.zone/submission/cf3dba37-ac61-4237-8d83-59273452dbf0
Please note that we are no longer able to provide a coverage score for Virus Total.
Threat name:
NetSupportManager RAT
Score:
1.00
Link:
https://yomi.yoroi.company/submissions/8afb4dcd3574e5a716e75a77a1ccdf9e23e6a03e181aa6a3ecb9b9d38e9aa039

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:DebuggerCheck__API
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:DebuggerCheck__QueryInfo
Create hunting rule
Reference:https://github.com/naxonez/yaraRules/blob/master/AntiDebugging.yara
Rule name:Detect_MSI_LATAM_Banker_From_LatAm
Create hunting rule
Rule name:FreddyBearDropper
Create hunting rule
Author:Dwarozh Hoshiar
Description:Freddy Bear Dropper is dropping a malware through base63 encoded powershell scrip.
Rule name:NET
Create hunting rule
Author:malware-lu

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape
Cape
https://www.capesandbox.com/analysis/28362/

Comments