General

  • Target

    a432c44ea86711317d6d0ba15f9e6d70N.exe

  • Size

    134KB

  • Sample

    240816-2eb38a1dpb

  • MD5

    a432c44ea86711317d6d0ba15f9e6d70

  • SHA1

    bbb72761bd1444710379095ad336cfc6428a4f73

  • SHA256

    2a617dc021cd609d5875d5829d186f24267d509a625102e45ef5bcf82fe2c02f

  • SHA512

    50f2df03aa1f6b05ccf7d88cb091c07790ab2124d93b9c2a497a798ac236b06f29065f2e5d4fb95ecf9787e6831c80ddae2e0c9c628b3fa463eb9292edb3a50f

  • SSDEEP

    1536:PDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:7iRTeH0NqAW6J6f1tqF6dngNmaZC7M

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      a432c44ea86711317d6d0ba15f9e6d70N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
