neconyd | 44597dbe262e10361698e2f16e5e43b8beabd0d730e83a7c211833fc2fcb8699 | Triage

Sharing

General

Target

44597dbe262e10361698e2f16e5e43b8beabd0d730e83a7c211833fc2fcb8699N.exe
Size

134KB
Sample

241218-mvc8wsvrht
MD5

bd6ce6b625fe5fbbad2e65eb4db34a40
SHA1

0215172cc69119d8f0f088b58f64c5a281f44fef
SHA256

44597dbe262e10361698e2f16e5e43b8beabd0d730e83a7c211833fc2fcb8699
SHA512

7e2654c3b984a9298284e60bfb0f6adabe78c5d2516c06ce0c6e02cd402a91254a92259c3bb8c03e4af419b9a83173ae216b5f920194498e9dba3128ee4c0f92
SSDEEP

1536:bDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7l:XiRTeH0NqAW6J6f1tqF6dngNmaZC7Mc

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  44597dbe262e10361698e2f16e5e43b8beabd0d730e83a7c211833fc2fcb8699N.exe
- Size
  
  134KB
- MD5
  
  bd6ce6b625fe5fbbad2e65eb4db34a40
- SHA1
  
  0215172cc69119d8f0f088b58f64c5a281f44fef
- SHA256
  
  44597dbe262e10361698e2f16e5e43b8beabd0d730e83a7c211833fc2fcb8699
- SHA512
  
  7e2654c3b984a9298284e60bfb0f6adabe78c5d2516c06ce0c6e02cd402a91254a92259c3bb8c03e4af419b9a83173ae216b5f920194498e9dba3128ee4c0f92
- SSDEEP
  
  1536:bDfDbhERTatPLTH0NqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwC7l:XiRTeH0NqAW6J6f1tqF6dngNmaZC7Mc
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan