General

  • Target

    da485c4c0373f0df152775c61cfc8a40N.exe

  • Size

    96KB

  • Sample

    240817-tgeccstgma

  • MD5

    da485c4c0373f0df152775c61cfc8a40

  • SHA1

    4d4001689740b3b91cbbf1fa82140784b183a56b

  • SHA256

    06f7abd536b5f809c634255acd936684261e647a443186d06fff58f1ef435b66

  • SHA512

    2ae1cdc26086bba0ff0747ad79845c8b2f3bfcd519bb0a0e6c9fcedf865e6f540ff4186cd991ab1b69ff6a98c2927936418ab4807567b128b2307fdabeb5fdb6

  • SSDEEP

    1536:ZnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:ZGs8cd8eXlYairZYqMddH13L

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      da485c4c0373f0df152775c61cfc8a40N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
