General

  • Target

    442a7856c1eb020e56594d387dbd2cd71a0496f00b671ba519ca84b7a3a7598b

  • Size

    248KB

  • Sample

    240817-1bbslsxgmd

  • MD5

    0f26e4cbff0053e59f6c38bd5115af0d

  • SHA1

    d2f3bea2ca7bf23c289eb812160a7d525b8858e4

  • SHA256

    442a7856c1eb020e56594d387dbd2cd71a0496f00b671ba519ca84b7a3a7598b

  • SHA512

    a2e5a6522550530b1a1ce67048ac798e9f8d6599e404a2e73fce75909d66c517f5f13bd7764ee16f9dcbc1fbe2c991bc3f5c86ddcd8f5421e65f2a0d49fdecec

  • SSDEEP

    1536:f4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:fIdseIO+EZEyFjEOFqTiQmGnOHjzU

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      442a7856c1eb020e56594d387dbd2cd71a0496f00b671ba519ca84b7a3a7598b

    • Size

      248KB

    • MD5

      0f26e4cbff0053e59f6c38bd5115af0d

    • SHA1

      d2f3bea2ca7bf23c289eb812160a7d525b8858e4

    • SHA256

      442a7856c1eb020e56594d387dbd2cd71a0496f00b671ba519ca84b7a3a7598b

    • SHA512

      a2e5a6522550530b1a1ce67048ac798e9f8d6599e404a2e73fce75909d66c517f5f13bd7764ee16f9dcbc1fbe2c991bc3f5c86ddcd8f5421e65f2a0d49fdecec

    • SSDEEP

      1536:f4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:fIdseIO+EZEyFjEOFqTiQmGnOHjzU

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks