General

  • Target

    5137682cfd1570081e325a18027f8d40N.exe

  • Size

    248KB

  • Sample

    240817-qectzaxble

  • MD5

    5137682cfd1570081e325a18027f8d40

  • SHA1

    0f70ce6c59b86e1190b2436b02b37618f4d3916b

  • SHA256

    f7482e028b5429a0b7e73f250db7e75465d922317bd3e926797b78b9a0eadd65

  • SHA512

    02481630684f00f571361ef6f74ca9df8d43884fd311ef811d0a74afb6d33fe12bc586d4d0eae811cc95ad9b7d3ca1e193ed05f411a0b3e044a392204fda56cb

  • SSDEEP

    1536:a4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:aIdseIO+EZEyFjEOFqTiQmGnOHjzU

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
