Behavioral task
behavioral1
Sample
dc50642973a0cc8359f12509235873ce99063bb024524146dc938642db0665bd.exe
Resource
win7-20240704-en
General
-
Target
dc50642973a0cc8359f12509235873ce99063bb024524146dc938642db0665bd
-
Size
71KB
-
MD5
0ce26c0d33ed0cfda9209db722889845
-
SHA1
52cfa7af81c0b3743f90cc06e9acd9c7d7ed1ed9
-
SHA256
dc50642973a0cc8359f12509235873ce99063bb024524146dc938642db0665bd
-
SHA512
875dd901f18a2e48368d67b360b42c94c9db651c91c777abcb850861bffdd1f24674308f8433dcd4619cccae5e09b39e9fe69402a93c3aed93de2c4c64af5a8b
-
SSDEEP
1536:6d9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZSDHIbH:adseIOMEZEyFjEOFqTiQmQDHIbH
Malware Config
Extracted
neconyd
http://ow5dirasuek.com/
http://mkkuei4kdsz.com/
http://lousta.net/
Signatures
-
Neconyd family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
Processes:
resource dc50642973a0cc8359f12509235873ce99063bb024524146dc938642db0665bd
Files
-
dc50642973a0cc8359f12509235873ce99063bb024524146dc938642db0665bd.exe windows:4 windows x86 arch:x86
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
Sections
.MPRESS1 Size: 64KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.MPRESS2 Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.imports Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE