neconyd | 6f4a44c7d35ba1af57e115c6f7b32b693e08cb6d777aba72a6d46c93141d3c95 | Triage

Sharing

General

Target

6f4a44c7d35ba1af57e115c6f7b32b693e08cb6d777aba72a6d46c93141d3c95
Size

96KB
Sample

250102-ancybsvlcm
MD5

45ec69aea194e3c952bf2bb1e2831a13
SHA1

23700639bd45852d86460434e69b1d73331c07f1
SHA256

6f4a44c7d35ba1af57e115c6f7b32b693e08cb6d777aba72a6d46c93141d3c95
SHA512

e66ffcbaf83a8966e08dd3e2e0727caeac1df91b220841fb40a72a36dc538a28c79a45010582e7c31f62c7bcb078a347587396be8aa11b818ff1ef4d5b9e1920
SSDEEP

1536:BnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:BGs8cd8eXlYairZYqMddH13z

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  6f4a44c7d35ba1af57e115c6f7b32b693e08cb6d777aba72a6d46c93141d3c95
- Size
  
  96KB
- MD5
  
  45ec69aea194e3c952bf2bb1e2831a13
- SHA1
  
  23700639bd45852d86460434e69b1d73331c07f1
- SHA256
  
  6f4a44c7d35ba1af57e115c6f7b32b693e08cb6d777aba72a6d46c93141d3c95
- SHA512
  
  e66ffcbaf83a8966e08dd3e2e0727caeac1df91b220841fb40a72a36dc538a28c79a45010582e7c31f62c7bcb078a347587396be8aa11b818ff1ef4d5b9e1920
- SSDEEP
  
  1536:BnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:BGs8cd8eXlYairZYqMddH13z
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan