General

  • Target

    bc3a24b871881c766f0a1c1fa42c4c22a7ef1c54fdd478c0cc70e67fa7cdadd0

  • Size

    96KB

  • Sample

    240522-gyyq4sef44

  • MD5

    62837c7633f7b6d0d1a5462454e4f1de

  • SHA1

    899cc1e39c8371ae676a7f69e8036d633fa08356

  • SHA256

    bc3a24b871881c766f0a1c1fa42c4c22a7ef1c54fdd478c0cc70e67fa7cdadd0

  • SHA512

    9d011c0e0ed32f9d5455a492974e9d02eca3630af4e76b2e43167f38cd80ebbe613d4e11e1e0d306fb314ef99ff4fb063cf166309b34cbae6f76ce576b918e6c

  • SSDEEP

    1536:unAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:uGs8cd8eXlYairZYqMddH13L

Score
10/10

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      bc3a24b871881c766f0a1c1fa42c4c22a7ef1c54fdd478c0cc70e67fa7cdadd0

    • Size

      96KB

    • MD5

      62837c7633f7b6d0d1a5462454e4f1de

    • SHA1

      899cc1e39c8371ae676a7f69e8036d633fa08356

    • SHA256

      bc3a24b871881c766f0a1c1fa42c4c22a7ef1c54fdd478c0cc70e67fa7cdadd0

    • SHA512

      9d011c0e0ed32f9d5455a492974e9d02eca3630af4e76b2e43167f38cd80ebbe613d4e11e1e0d306fb314ef99ff4fb063cf166309b34cbae6f76ce576b918e6c

    • SSDEEP

      1536:unAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:uGs8cd8eXlYairZYqMddH13L

    Score
    10/10
    • Neconyd

      Neconyd is a trojan written in C++.

    • Detects executables built or packed with MPress PE compressor

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tasks