neconyd | e7fad725bec06f485ee14fcb4a6d17cf079e1ed73a96d2d25fb7d43163e3b92a | Triage

Sharing

General

Target

e7fad725bec06f485ee14fcb4a6d17cf079e1ed73a96d2d25fb7d43163e3b92a
Size

96KB
Sample

250120-rb2jlasnft
MD5

4da9f956e1aaf071e35e95cc5bb6e635
SHA1

6f7054da8b714c013e7664bed814d64a0bb7f77c
SHA256

e7fad725bec06f485ee14fcb4a6d17cf079e1ed73a96d2d25fb7d43163e3b92a
SHA512

8cc9b428c0a646d5a7705622fc709acec0d38a8d17c711f2ba8ed838908085948f7049f1a574d7dc22babec9644354d20c26b3f74603221242e330e144defa8d
SSDEEP

1536:5nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:5Gs8cd8eXlYairZYqMddH13z

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  e7fad725bec06f485ee14fcb4a6d17cf079e1ed73a96d2d25fb7d43163e3b92a
- Size
  
  96KB
- MD5
  
  4da9f956e1aaf071e35e95cc5bb6e635
- SHA1
  
  6f7054da8b714c013e7664bed814d64a0bb7f77c
- SHA256
  
  e7fad725bec06f485ee14fcb4a6d17cf079e1ed73a96d2d25fb7d43163e3b92a
- SHA512
  
  8cc9b428c0a646d5a7705622fc709acec0d38a8d17c711f2ba8ed838908085948f7049f1a574d7dc22babec9644354d20c26b3f74603221242e330e144defa8d
- SSDEEP
  
  1536:5nAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:5Gs8cd8eXlYairZYqMddH13z
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan