# Malicious File Hashes (SHA256)
# Source: PCAP analysis of NetSupport Manager RAT infection
# Date: 2026-02-28

# --- C2 Beacon Content Hashes (NetSupport Manager RAT) ---
# C2 Server: 45.131.214.85:443 (HTTP over port 443)
# URI: http://45.131.214.85/fakeurl.htm

2357d0f3455f3503085c4af2543eec16315223eefeebb3f611f0933d229ae6e7
2b69346572041eefe558a82b58d654237e087ce9ab4e0876254a40a8954279a9
6d7c628be198fe0fea6336e5a6744729d11988b22a45898ff8e11c35a9e54eaa
975b5678560775735da4a9e8b805dce370329179b8e17ebc1c289aaeb293f7ff
98cf8b62e22638ceeea90caaa3083f9dfc698a5e8277b372e28d55acdf457a12
ddd0d6aec676ff11c538624978df3373f8f1c951fda070e433126aa575b90172
f0e200cacd273e3dd257057f27aeda839a1f2f31482e0bb01ea8b1363a7af245

# --- Suspicious Executable/Archive Hashes ---
1589fd0ea601cc4098d7e8346defa99d44e18b2cad355b1c44418bc462f0a98b  # Zip archive, with extra data prepended
5002a44018b1aadc44ecc2cdbb60fb3a1daa01fa88fd1698cb28079c21a04a48  # Zip archive, with extra data prepended
8792451d38b92522696797b73e2595185bf749ef6c744f0aea13de704a47a14a  # Zip archive, with extra data prepended
64958d1143783cfbfc54c24972748ad669974f20cba52b78dfcda3a40f1327f1  # DOS executable (COM), start instruction 0x8c4e4bc6
b099e5e97d7aaa8fdae9019d1f3b7a39996bb1566db5bd92c5f94fd7d313d404  # Zip archive, with extra data prepended
565f9ae01e0435234918ba8564a0deba5d07b84339f4234625488c5953cda6a0  # Zip archive, with extra data prepended