neconyd | 01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39N
Size

96KB
Sample

240919-rdfd5ssbpd
MD5

ab5583e0e923e990485351f4b61f3370
SHA1

087c3c1c65f131203d8a865be033c9dd9778e429
SHA256

01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39
SHA512

261608cbcbd2c78fa0f758044af08e9d233c9df74db80c503c76a267e52b18845c3b17eb9244b0d04cbc6cd63f73f789f779065ec69459d07aa891c20b0c79cf
SSDEEP

1536:QnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:QGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39N
- Size
  
  96KB
- MD5
  
  ab5583e0e923e990485351f4b61f3370
- SHA1
  
  087c3c1c65f131203d8a865be033c9dd9778e429
- SHA256
  
  01ea631963c39312dce4856b1b54aabc229e2651a5786cc8f631d4a1b1d7aa39
- SHA512
  
  261608cbcbd2c78fa0f758044af08e9d233c9df74db80c503c76a267e52b18845c3b17eb9244b0d04cbc6cd63f73f789f779065ec69459d07aa891c20b0c79cf
- SSDEEP
  
  1536:QnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:QGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan