neconyd | 05795e6f19d86540deee50ed78b0fb586e4df85da14b5fa4d0e547ac6bbe16c6 | Triage

Sharing

General

Target

05795e6f19d86540deee50ed78b0fb586e4df85da14b5fa4d0e547ac6bbe16c6N.exe
Size

96KB
Sample

250108-ajxryavpgv
MD5

987c54fdd083d17c17554d5be2d45b50
SHA1

cfea6bab95d0b94863a475ad95ed9c9c19fc64a6
SHA256

05795e6f19d86540deee50ed78b0fb586e4df85da14b5fa4d0e547ac6bbe16c6
SHA512

63a2a73a4cae5582d98c78ec5bc58f8dcc90abe83a042a3553766abe3a479fea5a0b9155a9dbfc3853b10e3ad2a2baf7e3fde38f96a6844cca78e8da275da8d8
SSDEEP

1536:znAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:zGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  05795e6f19d86540deee50ed78b0fb586e4df85da14b5fa4d0e547ac6bbe16c6N.exe
- Size
  
  96KB
- MD5
  
  987c54fdd083d17c17554d5be2d45b50
- SHA1
  
  cfea6bab95d0b94863a475ad95ed9c9c19fc64a6
- SHA256
  
  05795e6f19d86540deee50ed78b0fb586e4df85da14b5fa4d0e547ac6bbe16c6
- SHA512
  
  63a2a73a4cae5582d98c78ec5bc58f8dcc90abe83a042a3553766abe3a479fea5a0b9155a9dbfc3853b10e3ad2a2baf7e3fde38f96a6844cca78e8da275da8d8
- SSDEEP
  
  1536:znAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:zGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan