General

  • Target

    a3853861e93889de282be1696e5c1f9b899c5ce93bb35cdd7c78529592c020e2

  • Size

    96KB

  • Sample

    250115-gdzsnsvkfj

  • MD5

    5f183655fa1a1055d33053759abd8b05

  • SHA1

    4757739dd4a1c5e24981a7742807271ecc23b7a1

  • SHA256

    a3853861e93889de282be1696e5c1f9b899c5ce93bb35cdd7c78529592c020e2

  • SHA512

    5b1d8038890af7fc2500dd5a3ac68b10d09c5f7df687d5458c484a18592abef1ec4961106b3f5098e75359fed25f8b21d5047213cb17d75cf73d6f56ecb1a749

  • SSDEEP

    1536:HnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxb:HGs8cd8eXlYairZYqMddH13b

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
