neconyd | 07a277f638c29d338001cba09d14f4eb82f4c21c3263de2e53f191e09c85428f | Triage

Sharing

General

Target

07a277f638c29d338001cba09d14f4eb82f4c21c3263de2e53f191e09c85428fN.exe
Size

96KB
Sample

241216-nfmpfsyrfr
MD5

a330bd3ac7399c97c8f0853c3d7f0570
SHA1

513758fdc74147414ffc9f2a883967284e071b82
SHA256

07a277f638c29d338001cba09d14f4eb82f4c21c3263de2e53f191e09c85428f
SHA512

ab784c6b140f313b9a6c7ea93eea4ce4dcc45c0ede881422e39809fd7a36e27b0f2a3d8ea4c30c9cc2e1eb2fcfbee442bf480e0692c0103405e195ea0903859e
SSDEEP

1536:XnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:XGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  07a277f638c29d338001cba09d14f4eb82f4c21c3263de2e53f191e09c85428fN.exe
- Size
  
  96KB
- MD5
  
  a330bd3ac7399c97c8f0853c3d7f0570
- SHA1
  
  513758fdc74147414ffc9f2a883967284e071b82
- SHA256
  
  07a277f638c29d338001cba09d14f4eb82f4c21c3263de2e53f191e09c85428f
- SHA512
  
  ab784c6b140f313b9a6c7ea93eea4ce4dcc45c0ede881422e39809fd7a36e27b0f2a3d8ea4c30c9cc2e1eb2fcfbee442bf480e0692c0103405e195ea0903859e
- SSDEEP
  
  1536:XnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:XGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan