MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

NetSupport

Vendor detections: 4

Intelligence 4 IOCs YARA 1 File information Comments

SHA256 hash:	bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141
SHA3-384 hash:	eb41799a3e2515458e348298dd29b337687678701cd9aeb7a65111828f6bb036d6e96c44720c124f24b2561fc13ef3cf
SHA1 hash:	208e615fd62249af697856734fb0e80bb1f58739
MD5 hash:	c50aa8af85636796521e490b2e0b34dd
humanhash:	zulu-wyoming-seventeen-freddie
File name:	Asana.msix
Download:	download sample
Signature	NetSupport Create hunting rule
File size:	1'064'026 bytes
First seen:	2024-05-01 19:32:38 UTC
Last seen:	Never
File type:	zip
MIME type:	application/zip
ssdeep	24576:dnGpZCJOG9vMcwFkyzgntQce6XIdi+J72iKgnSA:cpksG99wFkycpeiI8+J71BL
TLSH	T10A35239C0C31B6A2B6E5383AB5BD20003528E57693045C7324F3EDAEF4675866BD9CE7
TrID	84.1% (.MSIX) MSIX Windows app package (26500/1/3) 12.6% (.ZIP) ZIP compressed archive (4000/1) 3.1% (.PG/BIN) PrintFox/Pagefox bitmap (640x800) (1000/1)
Reporter	NDA0E
Tags:	msix NetSupport signed zip

Code Signing Certificate

Organisation:	SOFTWARE SP Z O O
Issuer:	GlobalSign GCC R45 EV CodeSigning CA 2020
Algorithm:	sha256WithRSAEncryption
Valid from:	2024-04-25T20:14:55Z
Valid to:	2025-03-08T09:41:59Z
Serial number:	432291ee2d1f6b4f2d5e1e00
Intelligence:	12 malware samples on MalwareBazaar are signed with this code signing certificate
Cert Central Blocklist:	This certificate is on the Cert Central blocklist
Thumbprint Algorithm:	SHA256
Thumbprint:	3e05a6ac43dd88e26833a409bb388d582e8db9032297fde08724e2faeec05978
Source:	This information was brought to you by ReversingLabs A1000 Malware Analysis Platform

Intelligence

File Origin

# of uploads :

# of downloads :

107

Origin country :

File Archive Information

This file archive contains 18 file(s), sorted by their relevance:

File name:	AppxManifest.xml
File size:	2'294 bytes
SHA256 hash:	fae4a6ef0435f34a34ff68a6e372f3726445e97151424eec216bc6b44ffd3010
MD5 hash:	23d6b1ec5efda7c3290c9f121e9dec0b
MIME type:	text/xml
Signature	NetSupport

File name:	[Content_Types].xml
File size:	874 bytes
SHA256 hash:	17ff7b9e1ecdfe5349d9a4b982f19ecbcb899ff4d4acba7b88a86a999a979bef
MD5 hash:	ba939dd49282f3a33257c97e9cc46dcf
MIME type:	text/xml
Signature	NetSupport

File name:	AppxSignature.p7x
File size:	4'883 bytes
SHA256 hash:	d603d9c325dd52c8c75f2c24bf90efa958c679fdf6e967124613179c29940985
MD5 hash:	1037ae0e159af1116ad7a0fcd6bb37e6
MIME type:	application/octet-stream
Signature	NetSupport

File name:	PsfRuntime32.dll
File size:	376'864 bytes
SHA256 hash:	11d6916d6066e481f5d19bb503f654dcf9cac80aef818c2b52a2a1f0ca2efd5a
MD5 hash:	a9f0eeb621dd5883258113cc4b490929
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	StartingScriptWrapper.ps1
File size:	14'990 bytes
SHA256 hash:	7778c658411a2f1649ced14cdfe8a92145c1c7fa53b1ce5b14920000fe99bd98
MD5 hash:	da5bf3010154020db9db4cf8832b42ea
MIME type:	text/plain
Signature	NetSupport

File name:	User.dat
File size:	20'480 bytes
SHA256 hash:	7345dfa22f69bfda8c1cc2fda259f63ba4680e4d933c24e1016e8fd7e248137e
MD5 hash:	95a4a18ea8ee45e7c33c7b7e11fbd70a
MIME type:	application/octet-stream
Signature	NetSupport

File name:	config.json
File size:	359 bytes
SHA256 hash:	1d5ae02d3a51ff4679f93bc4f7a890dce32b40dfa71f0be0d0e7c8e7b0d6efa6
MD5 hash:	cc7663d4adaf927b050b9f1556315116
MIME type:	application/json
Signature	NetSupport

File name:	PsfLauncher64.exe
File size:	379'312 bytes
SHA256 hash:	338fc84d0b309a726bae061ae7ef727884fd43a71aff70900dbce27de07791ea
MD5 hash:	bfcb4275530e99a5e3fca4614a645fb5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	PsfRuntime64.dll
File size:	478'752 bytes
SHA256 hash:	495b13461b13c3ce1c766d9899b860add4dfcd9e6b2dc5815389aed6e26cda0e
MD5 hash:	61863b4c1aeefe10d69f54c03d373fd5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	usJzY.ps1
File size:	6'652 bytes
SHA256 hash:	5e9362dba53021ab588e396e1cb28100718471f07c5dd5cafa6bf5728f014b97
MD5 hash:	8ede71440d02f3d250a3ac50eef4280f
MIME type:	text/plain
Signature	NetSupport

File name:	Registry.dat
File size:	49'152 bytes
SHA256 hash:	8ad9867924d7cc8b89a667928bf731b736590de4f7f07919fdb5c571c123e212
MD5 hash:	e75f1e8d56cf160db722ce9eeb660f25
MIME type:	application/octet-stream
Signature	NetSupport

File name:	AppxBlockMap.xml
File size:	4'516 bytes
SHA256 hash:	5a2100f64d1053705c1014ff435fd02e14e3433b7d51d66b43eefc74a563e6d3
MD5 hash:	3c8c783126a2bbf214aaf96c005c0115
MIME type:	text/xml
Signature	NetSupport

File name:	logo.png
File size:	2'661 bytes
SHA256 hash:	78e48fe1e9775318a44641f2d987a9e91a992dc49546f26a4789b0bc53c7fddb
MD5 hash:	487ecbb9758c8308d91260cec37c4c89
MIME type:	image/png
Signature	NetSupport

File name:	PsfRunDll32.exe
File size:	95'152 bytes
SHA256 hash:	324f1db0dbe4a6577425d0c3dd72d4681e5000cca9d17cc62a2af0fcce12eca2
MD5 hash:	96376177175a1b23a95c6498e9ffb2b5
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	CodeIntegrity.cat
File size:	6'112 bytes
SHA256 hash:	e808b567d4ae669e69f13d1d06f8a75f104987282b51b1ae83200b92f05456a7
MD5 hash:	d8bcc9c95b3d2b36aa785494c69d3ac9
MIME type:	application/octet-stream
Signature	NetSupport

File name:	PsfLauncher32.exe
File size:	309'680 bytes
SHA256 hash:	312bd304860f9865ed4073f5baffde8df9907a1ebfedd2d1d637ab48db3ca004
MD5 hash:	e005414b82df848717581bd260725b02
MIME type:	application/x-dosexec
Signature	NetSupport

File name:	Resources.pri
File size:	5'176 bytes
SHA256 hash:	ae0e328618800983358b154262102ea2e73823108d7f86c62a37dc91377f5df3
MD5 hash:	ce102c4b1736bf61f34e14f0173fee89
MIME type:	application/octet-stream
Signature	NetSupport

File name:	PsfRunDll64.exe
File size:	118'704 bytes
SHA256 hash:	b37f6780adc7c7534ab474c1a9b8a5fbc1a8e9df105be9be7a9e13d96385dbe4
MD5 hash:	8466f69926a22670dcf6515a4fc3c054
MIME type:	application/x-dosexec
Signature	NetSupport

Vendor Threat Intelligence

Verdict:

Suspicious

Threat level:

5/10

Confidence:

100%

Tags:

fingerprint masquerade

Link:

https://www.filescan.io/uploads/663298f99cdc03b57ab93d04/reports/60e0682f-e3a0-4981-b270-9091af3c317b/overview

Verdict:

Unknown

Link:

https://www.hybrid-analysis.com/sample/bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/bdd89826ab8d3e3c03833b1ea8e4b0a34c80f13bfa5882e5b82f896cec41d141/

Threat name:

Win32.Trojan.Boxter

Status:

Malicious

First seen:

2024-04-30 17:30:12 UTC

File Type:

Binary (Archive)

Extracted files:

AV detection:

8 of 24 (33.33%)

Threat level:

5/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=xxmjqjvlru7dya4dhmpkrzfqungib4j37jmifznyf6ewz3cb2faq._file

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/240502-a879zaec63/

Please note that we are no longer able to provide a coverage score for Virus Total.

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.