General

  • Target

    dc42a74163cf464f200edf88465381a04341c293548c3621c9c88c911ea90bb1.exe

  • Size

    128KB

  • Sample

    250106-1y7tka1rhn

  • MD5

    73cab011babde57bf8e5e70ac85d2d3d

  • SHA1

    40a2bb1bb24cbc90541cccd9274085e63cc723c7

  • SHA256

    dc42a74163cf464f200edf88465381a04341c293548c3621c9c88c911ea90bb1

  • SHA512

    1d218d1f7a7aa9c2ed37bb249cae28a1077d2a86ea58595213d2c9e53b5cee641c24ca3175a3b6ab987eb75ea6605c4633529eb0388e287febcbfc77e3bda298

  • SSDEEP

    1536:8DfDbhERTatPLTLLbC+8BMNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabaa:iiRTe3n8BMAW6J6f1tqF6dngNmaZr3

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      dc42a74163cf464f200edf88465381a04341c293548c3621c9c88c911ea90bb1.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
