neconyd | 17c155d38b7255f10a57d43f44014dd6d0b1c28201e62db9c08d39e10ef064c6 | Triage

Sharing

General

Target

JaffaCakes118_01b36e0afa6cf15ee49ba2c56994f33f
Size

128KB
Sample

250121-dv8v5atngx
MD5

01b36e0afa6cf15ee49ba2c56994f33f
SHA1

d3449d903ff8473fd6efd34808f7cb0802a7d3ef
SHA256

17c155d38b7255f10a57d43f44014dd6d0b1c28201e62db9c08d39e10ef064c6
SHA512

530b75c4052de6c7d1b5d6b0a34a4007a19efc31c52682625c079bd51847c97d1e200b9bdeadd923af3064a53c7ae365e4a32b124e60c42fd11682788293d9c2
SSDEEP

1536:GDfDbhERTatPLTLLbC+8BMNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabau:4iRTe3n8BMAW6J6f1tqF6dngNmaZrN

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  JaffaCakes118_01b36e0afa6cf15ee49ba2c56994f33f
- Size
  
  128KB
- MD5
  
  01b36e0afa6cf15ee49ba2c56994f33f
- SHA1
  
  d3449d903ff8473fd6efd34808f7cb0802a7d3ef
- SHA256
  
  17c155d38b7255f10a57d43f44014dd6d0b1c28201e62db9c08d39e10ef064c6
- SHA512
  
  530b75c4052de6c7d1b5d6b0a34a4007a19efc31c52682625c079bd51847c97d1e200b9bdeadd923af3064a53c7ae365e4a32b124e60c42fd11682788293d9c2
- SSDEEP
  
  1536:GDfDbhERTatPLTLLbC+8BMNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabau:4iRTe3n8BMAW6J6f1tqF6dngNmaZrN
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan