neconyd | c01b7fba0c779535f8f189195715fbc8f559a81844c572f5c3f01d6062b79c0e | Triage

Sharing

General

Target

c01b7fba0c779535f8f189195715fbc8f559a81844c572f5c3f01d6062b79c0e
Size

134KB
Sample

250105-fts5dssnf1
MD5

0d00526946b84d34a807a350500ce952
SHA1

6142c3bedab608c18b2b35572541a1047a63abe0
SHA256

c01b7fba0c779535f8f189195715fbc8f559a81844c572f5c3f01d6062b79c0e
SHA512

8aaa25fbe22a86b589495be5ffedb93640e326e587ebd0c1bd6f066d0ade720306ccde6373bd0ec813990c92cf5ef7f87c809bd749222198f0f1db3eef9cb3f1
SSDEEP

1536:bDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCi9:XiRTeH0iqAW6J6f1tqF6dngNmaZCiaI

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  c01b7fba0c779535f8f189195715fbc8f559a81844c572f5c3f01d6062b79c0e
- Size
  
  134KB
- MD5
  
  0d00526946b84d34a807a350500ce952
- SHA1
  
  6142c3bedab608c18b2b35572541a1047a63abe0
- SHA256
  
  c01b7fba0c779535f8f189195715fbc8f559a81844c572f5c3f01d6062b79c0e
- SHA512
  
  8aaa25fbe22a86b589495be5ffedb93640e326e587ebd0c1bd6f066d0ade720306ccde6373bd0ec813990c92cf5ef7f87c809bd749222198f0f1db3eef9cb3f1
- SSDEEP
  
  1536:bDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCi9:XiRTeH0iqAW6J6f1tqF6dngNmaZCiaI
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan