General

  • Target

    d6cdc8d2cbf5d73d827d228af35e7b90N.exe

  • Size

    134KB

  • Sample

    240820-rfqb5awbnb

  • MD5

    d6cdc8d2cbf5d73d827d228af35e7b90

  • SHA1

    355cb9644a7d9e0455048c48be2c464e25ea2fda

  • SHA256

    be5e413c902a18ed64fcd16b13ab61e92535d3e169bc937ed3f8c90d31b7ce22

  • SHA512

    dd0f8952bad705b71abbdd2b00442a5488656aba8b3e3817bf96e7b6fc6e98a4a3dd4404307a3fe43f8b2dce83d6b44dced17c99d3e02f717c82f2a1afdaf04b

  • SSDEEP

    1536:jDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:viRTeH0NqAW6J6f1tqF6dngNmaZC7M

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      d6cdc8d2cbf5d73d827d228af35e7b90N.exe

    • Size

      134KB

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
