General

  • Target

    c01a354121c3d96dab4f4a9d86d6328e830649b8ec2795c32127a25484c1985e

  • Size

    96KB

  • Sample

    240519-chpfaach6x

  • MD5

    9bd485b5677dd21fe07d2a29c8fed1de

  • SHA1

    f131e272113a58552df678e85c0a8da593371eac

  • SHA256

    c01a354121c3d96dab4f4a9d86d6328e830649b8ec2795c32127a25484c1985e

  • SHA512

    72520dd0c4804d709c02ebd714e1a65466b493fa776eb4eca143767924dd714ee4b954dc46da1a3641b8c3e75376da6c1c18508297b35f0d814beffc3e749588

  • SSDEEP

    1536:vnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:vGs8cd8eXlYairZYqMddH13L

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      c01a354121c3d96dab4f4a9d86d6328e830649b8ec2795c32127a25484c1985e

    • Neconyd

      Neconyd is a trojan written in C++.

    • Detects executables built or packed with MPress PE compressor

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
