General

  • Target

    ef136d4fea4454662428a0867eb01120N.exe

  • Size

    96KB

  • Sample

    240817-svdsbasfjf

  • MD5

    ef136d4fea4454662428a0867eb01120

  • SHA1

    d6c15759a55ba819205cdda36b2b3b9779dc2b45

  • SHA256

    540065f21daa8861400dfcc1708907f265395d332165d8ceca39baea42600418

  • SHA512

    711dd6fe606dddd56c8623463c815bb11154ea9edd068d3d08e3a1754f297ea8830fa7da3a4312ebc1d887373cb5e736f0603733e1b598c5549556a785a3eaeb

  • SSDEEP

    1536:LnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:LGs8cd8eXlYairZYqMddH13L

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      ef136d4fea4454662428a0867eb01120N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
