neconyd | c8636245592636c046a34dc6224d2effd43fd77c55eb698dbad6cee26949e44f | Triage

Sharing

General

Target

c8636245592636c046a34dc6224d2effd43fd77c55eb698dbad6cee26949e44f
Size

134KB
Sample

241217-dpwcvaymcy
MD5

99f410fed3e2f4cd72d4f981b889e7bc
SHA1

76b150567a0e0abe420674417fdfb05fd8cef31c
SHA256

c8636245592636c046a34dc6224d2effd43fd77c55eb698dbad6cee26949e44f
SHA512

ba78db0e847cef3fed4fa46be2d74809ab8818beee1e1943318ae3121df71dc8edae15ba16d793bdbeeb92e7051e5a8c6d74918e32d06c2219ba0b03e13e8d27
SSDEEP

1536:DDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7l:PiRTeH0NqAW6J6f1tqF6dngNmaZC7Mc

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  c8636245592636c046a34dc6224d2effd43fd77c55eb698dbad6cee26949e44f
- Size
  
  134KB
- MD5
  
  99f410fed3e2f4cd72d4f981b889e7bc
- SHA1
  
  76b150567a0e0abe420674417fdfb05fd8cef31c
- SHA256
  
  c8636245592636c046a34dc6224d2effd43fd77c55eb698dbad6cee26949e44f
- SHA512
  
  ba78db0e847cef3fed4fa46be2d74809ab8818beee1e1943318ae3121df71dc8edae15ba16d793bdbeeb92e7051e5a8c6d74918e32d06c2219ba0b03e13e8d27
- SSDEEP
  
  1536:DDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7l:PiRTeH0NqAW6J6f1tqF6dngNmaZC7Mc
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan