neconyd | 44069e8ca902004647f0f557a92a4d273e6942ecc88f9b44687c2e8a9cb2ec17 | Triage

Sharing

General

Target

44069e8ca902004647f0f557a92a4d273e6942ecc88f9b44687c2e8a9cb2ec17.exe
Size

96KB
Sample

241201-zwsfes1rcw
MD5

3f1bd47cf849006f14844a2e79352954
SHA1

b186553da22bd16e8ff4d72743d8533cfe9667dd
SHA256

44069e8ca902004647f0f557a92a4d273e6942ecc88f9b44687c2e8a9cb2ec17
SHA512

baf93d533d0c680620d665fdf1b6e16770b6273709d71c4ca4a2c6132d2d18aec12db1a6a93fbac3c5b0b9fbd53ad39113cb889de090706acb969ac695d11d42
SSDEEP

1536:lnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxD:lGs8cd8eXlYairZYqMddH13D

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  44069e8ca902004647f0f557a92a4d273e6942ecc88f9b44687c2e8a9cb2ec17.exe
- Size
  
  96KB
- MD5
  
  3f1bd47cf849006f14844a2e79352954
- SHA1
  
  b186553da22bd16e8ff4d72743d8533cfe9667dd
- SHA256
  
  44069e8ca902004647f0f557a92a4d273e6942ecc88f9b44687c2e8a9cb2ec17
- SHA512
  
  baf93d533d0c680620d665fdf1b6e16770b6273709d71c4ca4a2c6132d2d18aec12db1a6a93fbac3c5b0b9fbd53ad39113cb889de090706acb969ac695d11d42
- SSDEEP
  
  1536:lnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxD:lGs8cd8eXlYairZYqMddH13D
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan