neconyd | 66879b508276e9461d60f045aa18035a6fddc41cc0dfbdf761584110233d8a1f | Triage

Sharing

General

Target

66879b508276e9461d60f045aa18035a6fddc41cc0dfbdf761584110233d8a1fN.exe
Size

134KB
Sample

241207-yrj3ta1ke1
MD5

da15a332b8cf2a85cbc1936c57bfc550
SHA1

b5037b8f1db6eba5bfff0be57f8a531f6bfcb78b
SHA256

66879b508276e9461d60f045aa18035a6fddc41cc0dfbdf761584110233d8a1f
SHA512

5231cc1cf1e80fe4fa665c4ae8944da68c4d0bc0184af7b5b3adba025caaba1285cadb9dee3e49fb2b85cad03b34fb9b6c1cb4d98329d1662ada3396627df81c
SSDEEP

1536:gDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:WiRTeH0NqAW6J6f1tqF6dngNmaZC7M

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  66879b508276e9461d60f045aa18035a6fddc41cc0dfbdf761584110233d8a1fN.exe
- Size
  
  134KB
- MD5
  
  da15a332b8cf2a85cbc1936c57bfc550
- SHA1
  
  b5037b8f1db6eba5bfff0be57f8a531f6bfcb78b
- SHA256
  
  66879b508276e9461d60f045aa18035a6fddc41cc0dfbdf761584110233d8a1f
- SHA512
  
  5231cc1cf1e80fe4fa665c4ae8944da68c4d0bc0184af7b5b3adba025caaba1285cadb9dee3e49fb2b85cad03b34fb9b6c1cb4d98329d1662ada3396627df81c
- SSDEEP
  
  1536:gDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7M:WiRTeH0NqAW6J6f1tqF6dngNmaZC7M
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan