neconyd | c0b4fe6f3f8b7d38cff4480d067f32f50f3bf1858b94219f3520c4818784ebfe | Triage

Sharing

General

Target

c0b4fe6f3f8b7d38cff4480d067f32f50f3bf1858b94219f3520c4818784ebfeN.exe
Size

96KB
Sample

250104-amg6na1lhw
MD5

eba5577bdcc8429e4fc573ed479ca6e0
SHA1

2af7c176d2d26d5bd7b68f6454798c500d502db1
SHA256

c0b4fe6f3f8b7d38cff4480d067f32f50f3bf1858b94219f3520c4818784ebfe
SHA512

0c9e5399d2d88770f38f0078581b534e89ca57a67639dfe1d89104a94333b3f59e39af23bd8323fc570cbb6337b92107cc6aa8402c3e4b69445222ce9d7a80bc
SSDEEP

1536:hnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:hGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  c0b4fe6f3f8b7d38cff4480d067f32f50f3bf1858b94219f3520c4818784ebfeN.exe
- Size
  
  96KB
- MD5
  
  eba5577bdcc8429e4fc573ed479ca6e0
- SHA1
  
  2af7c176d2d26d5bd7b68f6454798c500d502db1
- SHA256
  
  c0b4fe6f3f8b7d38cff4480d067f32f50f3bf1858b94219f3520c4818784ebfe
- SHA512
  
  0c9e5399d2d88770f38f0078581b534e89ca57a67639dfe1d89104a94333b3f59e39af23bd8323fc570cbb6337b92107cc6aa8402c3e4b69445222ce9d7a80bc
- SSDEEP
  
  1536:hnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:hGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan