General

  • Target

    f079bd3d5d9aa88a9fac30c67936aac0N.exe

  • Size

    134KB

  • Sample

    240817-nsf3fatckb

  • MD5

    f079bd3d5d9aa88a9fac30c67936aac0

  • SHA1

    7d39d1fa2113d417e8652ca0191c8d0010505492

  • SHA256

    5bb4add990d71544b729b2b753ca8d9af76c289922a97757d9bcd65002493477

  • SHA512

    57b9c73b4201cbed1155af11cf90eec759277a5c562d6cacf04735f7705a3f7a5fa267dff692ea951086ddcc41d72a91f1a09247a55159ef4754c95a5f257e9f

  • SSDEEP

    1536:QDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:GiRTeH0iqAW6J6f1tqF6dngNmaZCia

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      f079bd3d5d9aa88a9fac30c67936aac0N.exe

    • Size

      134KB

    • MD5

      f079bd3d5d9aa88a9fac30c67936aac0

    • SHA1

      7d39d1fa2113d417e8652ca0191c8d0010505492

    • SHA256

      5bb4add990d71544b729b2b753ca8d9af76c289922a97757d9bcd65002493477

    • SHA512

      57b9c73b4201cbed1155af11cf90eec759277a5c562d6cacf04735f7705a3f7a5fa267dff692ea951086ddcc41d72a91f1a09247a55159ef4754c95a5f257e9f

    • SSDEEP

      1536:QDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:GiRTeH0iqAW6J6f1tqF6dngNmaZCia

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks