General

  • Target

    26c54756b942e04ed27eb19645e39650N.exe

  • Size

    35KB

  • Sample

    240820-h7vlgstckr

  • MD5

    26c54756b942e04ed27eb19645e39650

  • SHA1

    5d49d62c486723b73e2d4baa7c9df97d2a058a3f

  • SHA256

    9b6aaecd415d45a5bb5f682309f6bc54b7bbadf908a9fbbd60c6dfa084303a6c

  • SHA512

    c33637ce3c15ad3cb6b775b6b1c6f12252ccbfbaad00554cd55c73f9648608f8dc83b8ea61566c4dfd200cd5bad31e0840ec6ae4a5d6b77a96983bc3a4d519db

  • SSDEEP

    768:G6vjVmakOElpmAsUA7DJHrhto2OsgwAPTUrpiEe7HpB:d8Z0kA7FHlO2OwOTUtKjpB

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      26c54756b942e04ed27eb19645e39650N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
