neconyd | b3622fea29fec6888b0d3dc04c4f788ed8f9cceef1029a8e8378f412b76f0947 | Triage

Sharing

General

Target

b3622fea29fec6888b0d3dc04c4f788ed8f9cceef1029a8e8378f412b76f0947N.exe
Size

96KB
Sample

241125-ezlrtsykbt
MD5

c2cab31a81e910d235fa246b3986a3e0
SHA1

c6e907beb0b2720a16b5dedac994af35231b1964
SHA256

b3622fea29fec6888b0d3dc04c4f788ed8f9cceef1029a8e8378f412b76f0947
SHA512

b5dcac08a6e8cc050916b6fc01cbe6d8e681a8c9aec61df045064ee263780f412df348441d21282b2acb1dda465335d97b2a3191fcebbbfabae909b82e76d003
SSDEEP

1536:YnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxx7:YGs8cd8eXlYairZYqMddH137

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  b3622fea29fec6888b0d3dc04c4f788ed8f9cceef1029a8e8378f412b76f0947N.exe
- Size
  
  96KB
- MD5
  
  c2cab31a81e910d235fa246b3986a3e0
- SHA1
  
  c6e907beb0b2720a16b5dedac994af35231b1964
- SHA256
  
  b3622fea29fec6888b0d3dc04c4f788ed8f9cceef1029a8e8378f412b76f0947
- SHA512
  
  b5dcac08a6e8cc050916b6fc01cbe6d8e681a8c9aec61df045064ee263780f412df348441d21282b2acb1dda465335d97b2a3191fcebbbfabae909b82e76d003
- SSDEEP
  
  1536:YnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxx7:YGs8cd8eXlYairZYqMddH137
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan