General

  • Target

    f9dbeeed5beba8aca4e7d4207719925724c89a643479a5dfc1cea2a5517b71d4N

  • Size

    134KB

  • Sample

    241005-trnc1swhlj

  • MD5

    5cf128e2139b580fd6b33ea1efa43ae0

  • SHA1

    8ce6f2b0ead61caca11efdd3b7d4ce7dbb04c636

  • SHA256

    f9dbeeed5beba8aca4e7d4207719925724c89a643479a5dfc1cea2a5517b71d4

  • SHA512

    c6cebabac412e9c6c3edf31aba092a72c5100ec95f2c772dc3c10dd258de1ac93103280b6ed91ac94b0fb07f0abec3fbd05cb2614f5a1f73616e2face399d224

  • SSDEEP

    1536:+DfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:giRTeH0iqAW6J6f1tqF6dngNmaZCia

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      f9dbeeed5beba8aca4e7d4207719925724c89a643479a5dfc1cea2a5517b71d4N

    • Neconyd

      Neconyd is a trojan written in C++.

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
