neconyd | f07ededc19be542a981198a25ad6a6829c15308df785812563bbd17c2d50dbd4 | Triage

Sharing

General

Target

f07ededc19be542a981198a25ad6a6829c15308df785812563bbd17c2d50dbd4.exe
Size

134KB
Sample

240908-fmrmzszeng
MD5

9205aea8ff8cd99ddc268b15f1abc888
SHA1

b0fc8f277591c61a4db91bbf044256d0d4a658fe
SHA256

f07ededc19be542a981198a25ad6a6829c15308df785812563bbd17c2d50dbd4
SHA512

79f5a905e3ccb45956e243da9542df3f2d5e25ef1b83c44a14bee3a630c2c50357b94735b1d873273de4a5796ec8da20d8783e580d0c950d5a081296cf441f9f
SSDEEP

1536:DDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:PiRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  f07ededc19be542a981198a25ad6a6829c15308df785812563bbd17c2d50dbd4.exe
- Size
  
  134KB
- MD5
  
  9205aea8ff8cd99ddc268b15f1abc888
- SHA1
  
  b0fc8f277591c61a4db91bbf044256d0d4a658fe
- SHA256
  
  f07ededc19be542a981198a25ad6a6829c15308df785812563bbd17c2d50dbd4
- SHA512
  
  79f5a905e3ccb45956e243da9542df3f2d5e25ef1b83c44a14bee3a630c2c50357b94735b1d873273de4a5796ec8da20d8783e580d0c950d5a081296cf441f9f
- SSDEEP
  
  1536:DDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:PiRTeH0iqAW6J6f1tqF6dngNmaZCia
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan