neconyd | fc313d9c708893d2ecf6940916a9da2a63745ca43a4a52be92b353f4084f69f5 | Triage

Sharing

General

Target

fc313d9c708893d2ecf6940916a9da2a63745ca43a4a52be92b353f4084f69f5N.exe
Size

96KB
Sample

250117-vhtzwaxnhq
MD5

0a68231149af2d2de2fc3a35fb3bbc40
SHA1

5ffd534ec88af748dc1f5175113b0f211d40f3af
SHA256

fc313d9c708893d2ecf6940916a9da2a63745ca43a4a52be92b353f4084f69f5
SHA512

86a5cfe53a1735e109c5fac98727be340fa5e89f070e25ebf54ff9fd2fd5fc568f3e9a831c986e26c5b435cc5319e3c1de28d3cfa29e239a29c76ad9f48e4942
SSDEEP

1536:5nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxu:5Gs8cd8eXlYairZYqMddH13u

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  fc313d9c708893d2ecf6940916a9da2a63745ca43a4a52be92b353f4084f69f5N.exe
- Size
  
  96KB
- MD5
  
  0a68231149af2d2de2fc3a35fb3bbc40
- SHA1
  
  5ffd534ec88af748dc1f5175113b0f211d40f3af
- SHA256
  
  fc313d9c708893d2ecf6940916a9da2a63745ca43a4a52be92b353f4084f69f5
- SHA512
  
  86a5cfe53a1735e109c5fac98727be340fa5e89f070e25ebf54ff9fd2fd5fc568f3e9a831c986e26c5b435cc5319e3c1de28d3cfa29e239a29c76ad9f48e4942
- SSDEEP
  
  1536:5nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxu:5Gs8cd8eXlYairZYqMddH13u
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan