neconyd | 5b6afba70a8d5691416db3cbb1c9b2a17796f271903875ad4f2d7df77278bd86 | Triage

Sharing

General

Target

5b6afba70a8d5691416db3cbb1c9b2a17796f271903875ad4f2d7df77278bd86N.exe
Size

96KB
Sample

250116-f8xq5avjbx
MD5

f89d8b35e56a6926f3c5d25275bc8910
SHA1

099635ff50bfe326939885dbb18e6e49ffecd519
SHA256

5b6afba70a8d5691416db3cbb1c9b2a17796f271903875ad4f2d7df77278bd86
SHA512

f1170e262bddfefb3681c5acfd9b6458ad4385719700739e5280ee861223ea25e41ecb09ce215c61ddd254af4215599c532a7f4bd313049bd4af6a0cfe9f4522
SSDEEP

1536:EnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxx:EGs8cd8eXlYairZYqMddH13x

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  5b6afba70a8d5691416db3cbb1c9b2a17796f271903875ad4f2d7df77278bd86N.exe
- Size
  
  96KB
- MD5
  
  f89d8b35e56a6926f3c5d25275bc8910
- SHA1
  
  099635ff50bfe326939885dbb18e6e49ffecd519
- SHA256
  
  5b6afba70a8d5691416db3cbb1c9b2a17796f271903875ad4f2d7df77278bd86
- SHA512
  
  f1170e262bddfefb3681c5acfd9b6458ad4385719700739e5280ee861223ea25e41ecb09ce215c61ddd254af4215599c532a7f4bd313049bd4af6a0cfe9f4522
- SSDEEP
  
  1536:EnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxx:EGs8cd8eXlYairZYqMddH13x
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan