neconyd | dd397e4bfb6917e97f317cf291b601fb7dfad59cc4bf77077ec503caa7ba9a98 | Triage

Sharing

General

Target

dd397e4bfb6917e97f317cf291b601fb7dfad59cc4bf77077ec503caa7ba9a98N.exe
Size

96KB
Sample

241203-mqsg1s1qev
MD5

546e3573ac5bff547811b44fb4ec56e0
SHA1

d0ea09b1c9554d0b59ecd0e87195297d82b7057c
SHA256

dd397e4bfb6917e97f317cf291b601fb7dfad59cc4bf77077ec503caa7ba9a98
SHA512

bace3256111add09e8eb5399e0a0e1c80367fbdb7d86ecad8dc1fd217fe89ed1804b1402951335ed82657f37407d76c26653b68f6ab806390b925ff714f8ca9d
SSDEEP

1536:OnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxq:OGs8cd8eXlYairZYqMddH13q

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  dd397e4bfb6917e97f317cf291b601fb7dfad59cc4bf77077ec503caa7ba9a98N.exe
- Size
  
  96KB
- MD5
  
  546e3573ac5bff547811b44fb4ec56e0
- SHA1
  
  d0ea09b1c9554d0b59ecd0e87195297d82b7057c
- SHA256
  
  dd397e4bfb6917e97f317cf291b601fb7dfad59cc4bf77077ec503caa7ba9a98
- SHA512
  
  bace3256111add09e8eb5399e0a0e1c80367fbdb7d86ecad8dc1fd217fe89ed1804b1402951335ed82657f37407d76c26653b68f6ab806390b925ff714f8ca9d
- SSDEEP
  
  1536:OnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxq:OGs8cd8eXlYairZYqMddH13q
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan