neconyd | 1863f8ffd273a7d21d813c004bbee88e27ceed12faba042880bd1bb72a3b14d5 | Triage

Sharing

General

Target

1863f8ffd273a7d21d813c004bbee88e27ceed12faba042880bd1bb72a3b14d5.exe
Size

96KB
Sample

250121-kbfhssvnar
MD5

de08d653fa129b10cd40b2b869573be8
SHA1

2164c63aced87d14e6544bd63cf79f4d2f5d4aca
SHA256

1863f8ffd273a7d21d813c004bbee88e27ceed12faba042880bd1bb72a3b14d5
SHA512

06bb45bfe88c50892fc2b23faf9ddb22a211378dda508a6fee2a6561ce864ee08a7a187b34839f69a4e3b965f9b9d9c896b312245fd8d60368e6659e178bfd66
SSDEEP

1536:NnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxR:NGs8cd8eXlYairZYqMddH13R

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  1863f8ffd273a7d21d813c004bbee88e27ceed12faba042880bd1bb72a3b14d5.exe
- Size
  
  96KB
- MD5
  
  de08d653fa129b10cd40b2b869573be8
- SHA1
  
  2164c63aced87d14e6544bd63cf79f4d2f5d4aca
- SHA256
  
  1863f8ffd273a7d21d813c004bbee88e27ceed12faba042880bd1bb72a3b14d5
- SHA512
  
  06bb45bfe88c50892fc2b23faf9ddb22a211378dda508a6fee2a6561ce864ee08a7a187b34839f69a4e3b965f9b9d9c896b312245fd8d60368e6659e178bfd66
- SSDEEP
  
  1536:NnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxR:NGs8cd8eXlYairZYqMddH13R
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan