neconyd | ca309e5d4406083eb4f18d3f4eaf2651009f1ed7743b08c4e4f4dda9a6484dc5 | Triage

Sharing

General

Target

ca309e5d4406083eb4f18d3f4eaf2651009f1ed7743b08c4e4f4dda9a6484dc5N.exe
Size

96KB
Sample

241208-dyq5gsvpcp
MD5

10f61f9c421a34bd4b180b27b6469830
SHA1

ab92a38f93db4945fd9aee5e2a459090796db73f
SHA256

ca309e5d4406083eb4f18d3f4eaf2651009f1ed7743b08c4e4f4dda9a6484dc5
SHA512

6d3498e3c98caf8701cdf356fbda2ca9d124b8eda3f1d2f22ccd6de5e00b59cb0bccea11a681416a8a8bf5744900e6967e1a1cd0bf67a420cf1471d8a10a8ae8
SSDEEP

1536:VnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxj:VGs8cd8eXlYairZYqMddH13j

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  ca309e5d4406083eb4f18d3f4eaf2651009f1ed7743b08c4e4f4dda9a6484dc5N.exe
- Size
  
  96KB
- MD5
  
  10f61f9c421a34bd4b180b27b6469830
- SHA1
  
  ab92a38f93db4945fd9aee5e2a459090796db73f
- SHA256
  
  ca309e5d4406083eb4f18d3f4eaf2651009f1ed7743b08c4e4f4dda9a6484dc5
- SHA512
  
  6d3498e3c98caf8701cdf356fbda2ca9d124b8eda3f1d2f22ccd6de5e00b59cb0bccea11a681416a8a8bf5744900e6967e1a1cd0bf67a420cf1471d8a10a8ae8
- SSDEEP
  
  1536:VnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxj:VGs8cd8eXlYairZYqMddH13j
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan