neconyd | d567149e7f9db578098e549c133a64e5ef667e4d8d0162cc0dc8e4843df4f4af | Triage

Sharing

General

Target

d567149e7f9db578098e549c133a64e5ef667e4d8d0162cc0dc8e4843df4f4afN.exe
Size

96KB
Sample

250101-ywhqjs1rfs
MD5

cdf57d994164384fb8b40d761e0e8c20
SHA1

b5d25a35f2f60224e5428d74890b00bc42ba645c
SHA256

d567149e7f9db578098e549c133a64e5ef667e4d8d0162cc0dc8e4843df4f4af
SHA512

843a9b5f48c094854229c6ee3d775134b3fcdc0480f9b01677c40162aa375c5312febd6d54cd8446925481176c0774235fe5d78435ac6e540dfbe9fe2358a6b4
SSDEEP

1536:1nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:1Gs8cd8eXlYairZYqMddH13z

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  d567149e7f9db578098e549c133a64e5ef667e4d8d0162cc0dc8e4843df4f4afN.exe
- Size
  
  96KB
- MD5
  
  cdf57d994164384fb8b40d761e0e8c20
- SHA1
  
  b5d25a35f2f60224e5428d74890b00bc42ba645c
- SHA256
  
  d567149e7f9db578098e549c133a64e5ef667e4d8d0162cc0dc8e4843df4f4af
- SHA512
  
  843a9b5f48c094854229c6ee3d775134b3fcdc0480f9b01677c40162aa375c5312febd6d54cd8446925481176c0774235fe5d78435ac6e540dfbe9fe2358a6b4
- SSDEEP
  
  1536:1nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:1Gs8cd8eXlYairZYqMddH13z
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan