neconyd | 0b6470481c45cd4a6249392fd7883a7f56903f5acc179067b143c9e181f3e5ab | Triage

Sharing

General

Target

0b6470481c45cd4a6249392fd7883a7f56903f5acc179067b143c9e181f3e5ab.exe
Size

96KB
Sample

241205-d3wkrswqgz
MD5

be095d6a35f74016d38c678c56c1db7c
SHA1

737a8686c0a9931aba32241d56ec241ee57b65d6
SHA256

0b6470481c45cd4a6249392fd7883a7f56903f5acc179067b143c9e181f3e5ab
SHA512

75d2a3e581cf119ca9e33725c6ebc0e515b2f14e1a27d64d47ed7c4bec71b50cfb5587843dec40b938af8a562aa42eaa198a915cc22eabdbc84e68f9033d5a89
SSDEEP

1536:znAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxR:zGs8cd8eXlYairZYqMddH13R

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  0b6470481c45cd4a6249392fd7883a7f56903f5acc179067b143c9e181f3e5ab.exe
- Size
  
  96KB
- MD5
  
  be095d6a35f74016d38c678c56c1db7c
- SHA1
  
  737a8686c0a9931aba32241d56ec241ee57b65d6
- SHA256
  
  0b6470481c45cd4a6249392fd7883a7f56903f5acc179067b143c9e181f3e5ab
- SHA512
  
  75d2a3e581cf119ca9e33725c6ebc0e515b2f14e1a27d64d47ed7c4bec71b50cfb5587843dec40b938af8a562aa42eaa198a915cc22eabdbc84e68f9033d5a89
- SSDEEP
  
  1536:znAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxR:zGs8cd8eXlYairZYqMddH13R
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan