neconyd | 30ffcee02f052119d3c030a12ac8133bca285e90e1fcaec61473cbf07e859ac6 | Triage

Sharing

General

Target

30ffcee02f052119d3c030a12ac8133bca285e90e1fcaec61473cbf07e859ac6N.exe
Size

134KB
Sample

250103-s2fv9atqam
MD5

af5922b2a0fe5629a03231e9b22004d0
SHA1

3f2787307b8485d8dc43ad0a1a7bff05a01eec2a
SHA256

30ffcee02f052119d3c030a12ac8133bca285e90e1fcaec61473cbf07e859ac6
SHA512

19c258c9b424fcf84a53065d906f093e2b69607c3d0cecfca0f2814f12b91318bf71848d04b7081f8f7c2492d0d9d62358fae44ea285ec6ca368de8fe51296c6
SSDEEP

1536:aDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:8iRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  30ffcee02f052119d3c030a12ac8133bca285e90e1fcaec61473cbf07e859ac6N.exe
- Size
  
  134KB
- MD5
  
  af5922b2a0fe5629a03231e9b22004d0
- SHA1
  
  3f2787307b8485d8dc43ad0a1a7bff05a01eec2a
- SHA256
  
  30ffcee02f052119d3c030a12ac8133bca285e90e1fcaec61473cbf07e859ac6
- SHA512
  
  19c258c9b424fcf84a53065d906f093e2b69607c3d0cecfca0f2814f12b91318bf71848d04b7081f8f7c2492d0d9d62358fae44ea285ec6ca368de8fe51296c6
- SSDEEP
  
  1536:aDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:8iRTeH0iqAW6J6f1tqF6dngNmaZCia
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan