General

  • Target

    e2095ea54bae26c47334e45f38485c20N.exe

  • Size

    248KB

  • Sample

    240821-gshspswhpk

  • MD5

    e2095ea54bae26c47334e45f38485c20

  • SHA1

    a0f4bd3e51d22a8f401a9156fb35ab6c5ea4aa66

  • SHA256

    73631f096ec35cb8344d9fbb09004d01a04c30ab240933a2e72a7d4e323fca1c

  • SHA512

    92e479b3a52412169e4c3f660fb92dc7115d8f2812e23ffc33ca8af87e8f790e5d3a75119f463f059668c9251bf9b265d98ea506ab5e6b43030ef8e1ca00c2ba

  • SSDEEP

    1536:I4d9dseIOc+93bIvYvZEyF4EEOF6N4yS+AQmZMnOHBRzU:IIdseIO+EZEyFjEOFqTiQmGnOHjzU

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Drops file in System32 directory
