General

  • Target

    5d17a345e856fec8a2071e09c389e040N.exe

  • Size

    96KB

  • Sample

    240817-axsedawhnb

  • MD5

    5d17a345e856fec8a2071e09c389e040

  • SHA1

    cad2dd76600a4984d320c7f22c8be304fb210f6c

  • SHA256

    61432fd5dd4dc3014ff9b67f3ada5b6e0690430e6943af208677ed5cb03d5f76

  • SHA512

    5e6e2d75fad862100af22e2e9cbc358d0602e9e69e1554743a08e146e15722233b70f5065990ea97120915c2bcc7bcc0e2cf30b10009343dc63489fed1b4566f

  • SSDEEP

    1536:WnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:WGs8cd8eXlYairZYqMddH13L

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      5d17a345e856fec8a2071e09c389e040N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
