neconyd | f62dd28b70e286b2e2a82d2a78ceba0816397a929971d62a0f363da4ffc728dc | Triage

Sharing

General

Target

f62dd28b70e286b2e2a82d2a78ceba0816397a929971d62a0f363da4ffc728dc.exe
Size

96KB
Sample

250120-1bcd5szner
MD5

259ab1d3bccdf0c804bc85e2989abbe8
SHA1

675d88b782b4e9239d4a4f6d1173c74ecec23221
SHA256

f62dd28b70e286b2e2a82d2a78ceba0816397a929971d62a0f363da4ffc728dc
SHA512

06ebf6cf3f8886b1ba8bd91162e7b0c442798fa703ca5a1ad5d40d6d9dae38e43e447387f9251f310502de97466e0c6eb88b3a49fb727fa5c9e5cc4ef7cd2fad
SSDEEP

1536:4nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxr:4Gs8cd8eXlYairZYqMddH13r

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  f62dd28b70e286b2e2a82d2a78ceba0816397a929971d62a0f363da4ffc728dc.exe
- Size
  
  96KB
- MD5
  
  259ab1d3bccdf0c804bc85e2989abbe8
- SHA1
  
  675d88b782b4e9239d4a4f6d1173c74ecec23221
- SHA256
  
  f62dd28b70e286b2e2a82d2a78ceba0816397a929971d62a0f363da4ffc728dc
- SHA512
  
  06ebf6cf3f8886b1ba8bd91162e7b0c442798fa703ca5a1ad5d40d6d9dae38e43e447387f9251f310502de97466e0c6eb88b3a49fb727fa5c9e5cc4ef7cd2fad
- SSDEEP
  
  1536:4nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxr:4Gs8cd8eXlYairZYqMddH13r
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan