neconyd | c19c8da73fc72e9880756df959a15c966b5b3b5acb35d2e5194dd3682311847f | Triage

Sharing

General

Target

c19c8da73fc72e9880756df959a15c966b5b3b5acb35d2e5194dd3682311847f
Size

96KB
Sample

241126-dzf1xasjfz
MD5

b331a69f26466d0aa3c49f9cc46e3b2a
SHA1

dc228cdfab53f9d68316f692d9e1de2dc6ef6e3a
SHA256

c19c8da73fc72e9880756df959a15c966b5b3b5acb35d2e5194dd3682311847f
SHA512

3ce01ff2d8eb2b0a0a24448d52710919edc65623a2ec08c347d9cb9232c6e16d169da4de6e71e19713e731b302e7b3f80642ec8b601104e392e12c682eff7a4f
SSDEEP

1536:XnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxB:XGs8cd8eXlYairZYqMddH13B

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  c19c8da73fc72e9880756df959a15c966b5b3b5acb35d2e5194dd3682311847f
- Size
  
  96KB
- MD5
  
  b331a69f26466d0aa3c49f9cc46e3b2a
- SHA1
  
  dc228cdfab53f9d68316f692d9e1de2dc6ef6e3a
- SHA256
  
  c19c8da73fc72e9880756df959a15c966b5b3b5acb35d2e5194dd3682311847f
- SHA512
  
  3ce01ff2d8eb2b0a0a24448d52710919edc65623a2ec08c347d9cb9232c6e16d169da4de6e71e19713e731b302e7b3f80642ec8b601104e392e12c682eff7a4f
- SSDEEP
  
  1536:XnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxB:XGs8cd8eXlYairZYqMddH13B
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan