General

  • Target

    ef227363c16f535392adea2b7db7aff0N.exe

  • Size

    134KB

  • Sample

    240821-ck7dwayfkl

  • MD5

    ef227363c16f535392adea2b7db7aff0

  • SHA1

    a681e9309d2d5d5b0fd40772ac6539994ae5a625

  • SHA256

    b4b69a91e27dbebca7205cc0b11dd778bda3061e12a5840336dbd49fb6e637b7

  • SHA512

    ff7ec7ab6706b89f054218b8b9dd8740f695be80948b70e9e8172eff52e77ade1fdf58bc2b7634400806b9f1f9b5c87c684d2970965d17a297757fb5a061829e

  • SSDEEP

    1536:CDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:0iRTeH0NqAW6J6f1tqF6dngNmaZC7M

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      ef227363c16f535392adea2b7db7aff0N.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
