neconyd | fecaaa14640d1168431884116993ffe918a5a8bfcf40be518b2e8db53975e39e | Triage

Sharing

General

Target

fecaaa14640d1168431884116993ffe918a5a8bfcf40be518b2e8db53975e39e
Size

96KB
Sample

241207-fhatnsxjfv
MD5

6ced5dec9139ac608aa89bdc528bc2ae
SHA1

ee1ab36b4ac0a9b1726ba0a6b2a555a04cfc7ed6
SHA256

fecaaa14640d1168431884116993ffe918a5a8bfcf40be518b2e8db53975e39e
SHA512

3f2eb264fc7b36f5782e6effe2c9b5df3534bd425103cb9135828c7cc5826d6b692bc2fc9193fd83a17f88c0a212ba6219e61cb17326b71c1c515d0cdc7f5244
SSDEEP

1536:WnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxr:WGs8cd8eXlYairZYqMddH13r

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  fecaaa14640d1168431884116993ffe918a5a8bfcf40be518b2e8db53975e39e
- Size
  
  96KB
- MD5
  
  6ced5dec9139ac608aa89bdc528bc2ae
- SHA1
  
  ee1ab36b4ac0a9b1726ba0a6b2a555a04cfc7ed6
- SHA256
  
  fecaaa14640d1168431884116993ffe918a5a8bfcf40be518b2e8db53975e39e
- SHA512
  
  3f2eb264fc7b36f5782e6effe2c9b5df3534bd425103cb9135828c7cc5826d6b692bc2fc9193fd83a17f88c0a212ba6219e61cb17326b71c1c515d0cdc7f5244
- SSDEEP
  
  1536:WnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxr:WGs8cd8eXlYairZYqMddH13r
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan