General

  • Target

    4e19bd8056430329ebf28532dd5076c0N.exe

  • Size

    96KB

  • Sample

    240817-rmc1dasgpm

  • MD5

    4e19bd8056430329ebf28532dd5076c0

  • SHA1

    8db7dad556e0a7d8bfb04f540d146ec8f90f21eb

  • SHA256

    c629fa7a9658ab9455c67008c39d6b9fad0595c9467b488bb10d94d1452a380b

  • SHA512

    b18f0d418cb6edaf4d5b1c0d6a62d3ffbaa2f0ba61b48e6f81efe4a903a87b01d23e36f43301f47a2d967b6a70dc473a514f501e0d7c8f62b91b950b6f9f1b38

  • SSDEEP

    1536:4nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:4Gs8cd8eXlYairZYqMddH13L

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      4e19bd8056430329ebf28532dd5076c0N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
