General

  • Target

    cf0c85daf46fca43c3a55f4be39c20ff50051e1ef66d4d7193d8ece1f3cc25b8

  • Size

    96KB

  • Sample

    240521-ey9r9she4s

  • MD5

    1d85ebd93196eee174f1adf65a5aff13

  • SHA1

    5a506e8e52c1ec64729761679792c5400b99c832

  • SHA256

    cf0c85daf46fca43c3a55f4be39c20ff50051e1ef66d4d7193d8ece1f3cc25b8

  • SHA512

    ea7ec183a8f1239b0e58b5295b57264afd5b5354d3cb875ed5898f56a820aa874121a32e04c2cca03cd88c1d9a8ffeb5d8ed4386833ddb9f2dc64bcee2ef5787

  • SSDEEP

    1536:VnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:VGs8cd8eXlYairZYqMddH13L

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      cf0c85daf46fca43c3a55f4be39c20ff50051e1ef66d4d7193d8ece1f3cc25b8

    Score
    10/10
    • Neconyd

      Neconyd is a trojan written in C++.

    • Detects executables built or packed with MPress PE compressor

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
