General

  • Target

    f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629

  • Size

    96KB

  • Sample

    240508-e6jk2sde87

  • MD5

    7475c2f6588a3ff8b53202eedba5600f

  • SHA1

    0285bab508b8e92963207aea01a9bb7d143bf7bb

  • SHA256

    f5cdc6dccb4a0854a230d6a7a8b74da0db0df844dfc2579b593697f6a39d0629

  • SHA512

    80394b24c83b5260f73ee8bcec0250e811b91c3ca1ea64eec369c644c62c69bbd23da45653212dc73c3479c8f009fc4d6c2e93c56357cf9aa317935b2d09dab3

  • SSDEEP

    1536:nnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:nGs8cd8eXlYairZYqMddH13L

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Detects executables built or packed with MPress PE compressor

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
