neconyd | ed32ab03e84d733dfce6abd10965a0078ce51e508e4fad93ff2b4d7b6dd6fb2c | Triage

Sharing

General

Target

ed32ab03e84d733dfce6abd10965a0078ce51e508e4fad93ff2b4d7b6dd6fb2c.exe
Size

96KB
Sample

241123-kf5y9a1rbs
MD5

213802d4c490fe65e042f0c4061f8e1b
SHA1

46675495a4e630675ebf08b20d0b1fa2c7be3d0a
SHA256

ed32ab03e84d733dfce6abd10965a0078ce51e508e4fad93ff2b4d7b6dd6fb2c
SHA512

263f46e4edc98666b8f2ff972e216d778c395bfa2eb82ec2974bccb293515ea2f66a2cd1c54d4fd4f9b31564471eb22eb495a4125b92b5598583e1d1c0c83422
SSDEEP

1536:0nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxT:0Gs8cd8eXlYairZYqMddH13T

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  ed32ab03e84d733dfce6abd10965a0078ce51e508e4fad93ff2b4d7b6dd6fb2c.exe
- Size
  
  96KB
- MD5
  
  213802d4c490fe65e042f0c4061f8e1b
- SHA1
  
  46675495a4e630675ebf08b20d0b1fa2c7be3d0a
- SHA256
  
  ed32ab03e84d733dfce6abd10965a0078ce51e508e4fad93ff2b4d7b6dd6fb2c
- SHA512
  
  263f46e4edc98666b8f2ff972e216d778c395bfa2eb82ec2974bccb293515ea2f66a2cd1c54d4fd4f9b31564471eb22eb495a4125b92b5598583e1d1c0c83422
- SSDEEP
  
  1536:0nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxT:0Gs8cd8eXlYairZYqMddH13T
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan