neconyd | 18950759b4044717a5c028ff457af1eb524556aa634a52a1014c386458486842 | Triage

Sharing

General

Target

18950759b4044717a5c028ff457af1eb524556aa634a52a1014c386458486842.exe
Size

96KB
Sample

250123-zy6e3avmbm
MD5

b3713e03f5213be6bdd7366e5961730c
SHA1

9e4087a0ba8e77c162201bd559b400ad520ef3ed
SHA256

18950759b4044717a5c028ff457af1eb524556aa634a52a1014c386458486842
SHA512

15faab5cd6251d5dcb0454fd5251643c9d71f6e3b472e0db318da7b11229d13cb8cdf620d8fb2851bc62fc0db5fe018f3574a0cc0fc15fd7ef0884f96eeda109
SSDEEP

1536:rnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:rGs8cd8eXlYairZYqMddH13z

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  18950759b4044717a5c028ff457af1eb524556aa634a52a1014c386458486842.exe
- Size
  
  96KB
- MD5
  
  b3713e03f5213be6bdd7366e5961730c
- SHA1
  
  9e4087a0ba8e77c162201bd559b400ad520ef3ed
- SHA256
  
  18950759b4044717a5c028ff457af1eb524556aa634a52a1014c386458486842
- SHA512
  
  15faab5cd6251d5dcb0454fd5251643c9d71f6e3b472e0db318da7b11229d13cb8cdf620d8fb2851bc62fc0db5fe018f3574a0cc0fc15fd7ef0884f96eeda109
- SSDEEP
  
  1536:rnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxz:rGs8cd8eXlYairZYqMddH13z
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan