General

  • Target

    3c1a84bf2b3a29cf88de036ce3281470N.exe

  • Size

    134KB

  • Sample

    240820-wm2qyszcrr

  • MD5

    3c1a84bf2b3a29cf88de036ce3281470

  • SHA1

    d46c2b6c35430a9a82d55ace684503dd3de664bb

  • SHA256

    516b8ca95f3bfeded1b8d2880483ea9a4c42642c0fc28590a77aa53f36e664a1

  • SHA512

    9520fd97c79e41f91dce9778fdbf0e0cabbad52b9cdc554e20e22edbb76ca3ab4ebdb2398c66264a3045e71e9709b469dcfa677711d0855223d8699b193bbbdd

  • SSDEEP

    1536:ADfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:2iRTeH0NqAW6J6f1tqF6dngNmaZC7M

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      3c1a84bf2b3a29cf88de036ce3281470N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
