neconyd | db7a84a0a9b75e881d6978b0280189748f4cfeb8329c12ac99b3b1885f72a3ae | Triage

Sharing

General

Target

db7a84a0a9b75e881d6978b0280189748f4cfeb8329c12ac99b3b1885f72a3aeN.exe
Size

96KB
Sample

241126-3bvlts1pem
MD5

8c25e60ad60f4e68592180027bdac740
SHA1

9d6237c18d8fd7a8c1facb6f117f6bb72a9e4c81
SHA256

db7a84a0a9b75e881d6978b0280189748f4cfeb8329c12ac99b3b1885f72a3ae
SHA512

986b3214767b9b0c7fcc7eb044fc5563ee9b54b29664a01b242ebdedecc10007d819c2e903cf55c4089cc79d7f43eb6685e101793142f04cfdf498f4c63701e0
SSDEEP

1536:anAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:aGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  db7a84a0a9b75e881d6978b0280189748f4cfeb8329c12ac99b3b1885f72a3aeN.exe
- Size
  
  96KB
- MD5
  
  8c25e60ad60f4e68592180027bdac740
- SHA1
  
  9d6237c18d8fd7a8c1facb6f117f6bb72a9e4c81
- SHA256
  
  db7a84a0a9b75e881d6978b0280189748f4cfeb8329c12ac99b3b1885f72a3ae
- SHA512
  
  986b3214767b9b0c7fcc7eb044fc5563ee9b54b29664a01b242ebdedecc10007d819c2e903cf55c4089cc79d7f43eb6685e101793142f04cfdf498f4c63701e0
- SSDEEP
  
  1536:anAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:aGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan