Car Insurance Emails Drives for NetSupport RAT Infection 

A basic car-insurance/financial-themed phishing campaign has been observed redirecting victims via legitimate-looking marketing/Google ad links to a compromised site (blawx.com) which serves JavaScript that downloads additional stages and a ZIP archive containing a modified NetSupport RAT. The report traces the multi-stage infection chain, shows persistence via autostart registry entries, identifies C2 configuration and communications, and highlights specific artifacts (domains, JavaScript stages, archive and NetSupport files) usable as indicators of compromise.