neconyd | 5f21c755308d6f97c3e2c728919674b97e1a8aa1bdc1ac7cbff65f84833cd825 | Triage

Sharing

General

Target

5f21c755308d6f97c3e2c728919674b97e1a8aa1bdc1ac7cbff65f84833cd825N.exe
Size

96KB
Sample

241216-gyxh2sxpbx
MD5

b68f49ecd7ced38a0036962cdefc7370
SHA1

2506566a81706d4432705bb7ea662bb4bc5b66cb
SHA256

5f21c755308d6f97c3e2c728919674b97e1a8aa1bdc1ac7cbff65f84833cd825
SHA512

5a712b5a0b1782a95ef26d206872a3f27f5f1fea9f1939284e834fcceb55175d32350059d630d59ca19ce8e9164419a9930c60f5b9b02c58ae753ee216398ba7
SSDEEP

1536:snAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:sGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  5f21c755308d6f97c3e2c728919674b97e1a8aa1bdc1ac7cbff65f84833cd825N.exe
- Size
  
  96KB
- MD5
  
  b68f49ecd7ced38a0036962cdefc7370
- SHA1
  
  2506566a81706d4432705bb7ea662bb4bc5b66cb
- SHA256
  
  5f21c755308d6f97c3e2c728919674b97e1a8aa1bdc1ac7cbff65f84833cd825
- SHA512
  
  5a712b5a0b1782a95ef26d206872a3f27f5f1fea9f1939284e834fcceb55175d32350059d630d59ca19ce8e9164419a9930c60f5b9b02c58ae753ee216398ba7
- SSDEEP
  
  1536:snAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:sGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan