General

  • Target

    a2b4aa0d1af367a4e2eaf80dc8eb5980N.exe

  • Size

    248KB

  • Sample

    240817-fcq9gaxgma

  • MD5

    a2b4aa0d1af367a4e2eaf80dc8eb5980

  • SHA1

    ebad7e1431d08855c853b0b397f72642c69bf7ee

  • SHA256

    b52bb4ee064ab8113feed2474060b6a6af169a80cd7f318d0e36d822ce9a19b4

  • SHA512

    d30c6b8c36901f22c6c09b43e61bac8a43c69b405ae0af58f2744d7d5eca8d3a9bb9ad5472777edbd00f84774b9e641bc1e2b646f9f172cac6e3c6694450cc0b

  • SSDEEP

    1536:P4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:PIdseIO+EZEyFjEOFqTiQmGnOHjzU

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      a2b4aa0d1af367a4e2eaf80dc8eb5980N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
