neconyd | e38d5be26e5e28d04d78b42898a881c2c38c7c3d3364a9bc0214ab62f6e0e8f3 | Triage

Sharing

General

Target

e38d5be26e5e28d04d78b42898a881c2c38c7c3d3364a9bc0214ab62f6e0e8f3
Size

96KB
Sample

241127-ffg5zavkgn
MD5

2b32d2832eb8548a895dbc2601b8a466
SHA1

894ae484347b6df1d07e1c3811cde83308d08329
SHA256

e38d5be26e5e28d04d78b42898a881c2c38c7c3d3364a9bc0214ab62f6e0e8f3
SHA512

f64a78d79f22d9f0c1550363777084537275dd351f33d2c272791b8ac1a43e92c57fdb104fa8131d134fec4bf6bd14e8fcbc51dfe00c1a9ccdb3d45b71041bef
SSDEEP

1536:0nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxh:0Gs8cd8eXlYairZYqMddH13h

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  e38d5be26e5e28d04d78b42898a881c2c38c7c3d3364a9bc0214ab62f6e0e8f3
- Size
  
  96KB
- MD5
  
  2b32d2832eb8548a895dbc2601b8a466
- SHA1
  
  894ae484347b6df1d07e1c3811cde83308d08329
- SHA256
  
  e38d5be26e5e28d04d78b42898a881c2c38c7c3d3364a9bc0214ab62f6e0e8f3
- SHA512
  
  f64a78d79f22d9f0c1550363777084537275dd351f33d2c272791b8ac1a43e92c57fdb104fa8131d134fec4bf6bd14e8fcbc51dfe00c1a9ccdb3d45b71041bef
- SSDEEP
  
  1536:0nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxh:0Gs8cd8eXlYairZYqMddH13h
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan