General

  • Target

    27d7de0e5fb13a719367aff96a0d5c32d7e0ac8514962b5be62ea50323ceb730N

  • Size

    134KB

  • Sample

    241104-j4r7maxjgt

  • MD5

    e8652612b04bdfeff601676821e6dbb0

  • SHA1

    10ff1ba8513857b41715212f2efa202e06db77c7

  • SHA256

    27d7de0e5fb13a719367aff96a0d5c32d7e0ac8514962b5be62ea50323ceb730

  • SHA512

    5c8ce1cc45116fbc001f3282076837af2637a1feb593a934c48ca8b796da2e36abaf47a10ed93a527ecb286474c6f20241e5eb751b9f0e31298eda1edbd43af5

  • SSDEEP

    1536:QDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:GiRTeH0iqAW6J6f1tqF6dngNmaZCia

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      27d7de0e5fb13a719367aff96a0d5c32d7e0ac8514962b5be62ea50323ceb730N

    • Size

      134KB

    • MD5

      e8652612b04bdfeff601676821e6dbb0

    • SHA1

      10ff1ba8513857b41715212f2efa202e06db77c7

    • SHA256

      27d7de0e5fb13a719367aff96a0d5c32d7e0ac8514962b5be62ea50323ceb730

    • SHA512

      5c8ce1cc45116fbc001f3282076837af2637a1feb593a934c48ca8b796da2e36abaf47a10ed93a527ecb286474c6f20241e5eb751b9f0e31298eda1edbd43af5

    • SSDEEP

      1536:QDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:GiRTeH0iqAW6J6f1tqF6dngNmaZCia

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks