General

  • Target

    2106dfc082f77329cc1f6bc49342252a7e261a496e97046519aaeab9b61d09beN.exe

  • Size

    96KB

  • Sample

    250121-f6f1laylg1

  • MD5

    321909c591b4066fc06703effea9a2d0

  • SHA1

    47b843e133c66949d6f6b38ba6df870d624486b9

  • SHA256

    2106dfc082f77329cc1f6bc49342252a7e261a496e97046519aaeab9b61d09be

  • SHA512

    9dcbf4fb3bb4c3bfcdfda9f12e5cf89e46f80ee4d0ddd5a535138c703fdbbc24198e20175d71ee065f8ec579e54a700c1414ff143fc72fdee6ebe7ad8dcf9ad3

  • SSDEEP

    1536:rnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:rGs8cd8eXlYairZYqMddH13L

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      2106dfc082f77329cc1f6bc49342252a7e261a496e97046519aaeab9b61d09beN.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
