neconyd | 2d8e2aa0f4c2421d8d882b20f89f5e4ca17868bf68b9494acf1988445a78a79d | Triage

Sharing

General

Target

2d8e2aa0f4c2421d8d882b20f89f5e4ca17868bf68b9494acf1988445a78a79d.exe
Size

96KB
Sample

241127-m8hqja1lcw
MD5

413943c6ee13467286abb93e4f8959ff
SHA1

5e6200d33110cfb5f18b7ac232dfc05c5b09b61f
SHA256

2d8e2aa0f4c2421d8d882b20f89f5e4ca17868bf68b9494acf1988445a78a79d
SHA512

885e2779c74cd0b6ee8b4731d215301e8f174f9e0f29cdddb19ace8d580c1cfec4252f807b2278972ea0c54ee41ac86c920865d30a825d39499d72be8edd3210
SSDEEP

1536:wnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxx5:wGs8cd8eXlYairZYqMddH135

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  2d8e2aa0f4c2421d8d882b20f89f5e4ca17868bf68b9494acf1988445a78a79d.exe
- Size
  
  96KB
- MD5
  
  413943c6ee13467286abb93e4f8959ff
- SHA1
  
  5e6200d33110cfb5f18b7ac232dfc05c5b09b61f
- SHA256
  
  2d8e2aa0f4c2421d8d882b20f89f5e4ca17868bf68b9494acf1988445a78a79d
- SHA512
  
  885e2779c74cd0b6ee8b4731d215301e8f174f9e0f29cdddb19ace8d580c1cfec4252f807b2278972ea0c54ee41ac86c920865d30a825d39499d72be8edd3210
- SSDEEP
  
  1536:wnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxx5:wGs8cd8eXlYairZYqMddH135
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan