neconyd | 0e04fd83bb4501b231e663a8d3c6826d0ba888027f74be4e057d313e10a8aa9e | Triage

Sharing

General

Target

0e04fd83bb4501b231e663a8d3c6826d0ba888027f74be4e057d313e10a8aa9e.exe
Size

96KB
Sample

241211-a8jxdaslel
MD5

14d561cfa5fce0bd354d39de071973ae
SHA1

15902cd3741f7e31a29660bbff5459e1d5a076a0
SHA256

0e04fd83bb4501b231e663a8d3c6826d0ba888027f74be4e057d313e10a8aa9e
SHA512

79075baf6cecece7a68afbe0d601d44e8af107a79a31bfd1d6f0c9633c5a5539b19ed0d57e6d8c1ab834aa29952dd5d66eafa44bdaf42417dd4b9599a4661629
SSDEEP

1536:QnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:QGs8cd8eXlYairZYqMddH13z

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  0e04fd83bb4501b231e663a8d3c6826d0ba888027f74be4e057d313e10a8aa9e.exe
- Size
  
  96KB
- MD5
  
  14d561cfa5fce0bd354d39de071973ae
- SHA1
  
  15902cd3741f7e31a29660bbff5459e1d5a076a0
- SHA256
  
  0e04fd83bb4501b231e663a8d3c6826d0ba888027f74be4e057d313e10a8aa9e
- SHA512
  
  79075baf6cecece7a68afbe0d601d44e8af107a79a31bfd1d6f0c9633c5a5539b19ed0d57e6d8c1ab834aa29952dd5d66eafa44bdaf42417dd4b9599a4661629
- SSDEEP
  
  1536:QnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:QGs8cd8eXlYairZYqMddH13z
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan