General

  • Target

    d49e634d2db2eb0ab24ef7fd095a49b1b00d22bcbcb0e1b0a5ce668c07b9e54b.exe

  • Size

    134KB

  • Sample

    241203-xazlhatmaj

  • MD5

    9bb596eea25fc55790d229ed50b29481

  • SHA1

    57169066a43d6507ec26ebde318bc1b6bcf28da8

  • SHA256

    d49e634d2db2eb0ab24ef7fd095a49b1b00d22bcbcb0e1b0a5ce668c07b9e54b

  • SHA512

    c78c20b30b663cfa9c4c99ba0ceed1358a58dba669cc1d6bdc15e4745b7a0900306d35d40b3cb9117bbfd100230a32e53f2fd519e5626e9355422a5f1cee6a88

  • SSDEEP

    1536:sDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCiN:SiRTeH0iqAW6J6f1tqF6dngNmaZCiaS

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
