neconyd | 6bd01e0e132d8636a63b62930e8934b2388ce9bd9eab5799d979604d79d19553 | Triage

Sharing

General

Target

6bd01e0e132d8636a63b62930e8934b2388ce9bd9eab5799d979604d79d19553
Size

96KB
Sample

250125-blsrfazjfm
MD5

df306060b85493b71c7a9c79eef00619
SHA1

1d273403f55aba0a9d851a0952d18553022f550c
SHA256

6bd01e0e132d8636a63b62930e8934b2388ce9bd9eab5799d979604d79d19553
SHA512

98e8c95a1bde23f4ad831ac696e9a6d394355d30ed550403f69c6cad04620b33df2a27433d5aa1b92079550720e08ed2b8064d849ab61299e687125853a99d17
SSDEEP

1536:RnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxx:RGs8cd8eXlYairZYqMddH13x

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  6bd01e0e132d8636a63b62930e8934b2388ce9bd9eab5799d979604d79d19553
- Size
  
  96KB
- MD5
  
  df306060b85493b71c7a9c79eef00619
- SHA1
  
  1d273403f55aba0a9d851a0952d18553022f550c
- SHA256
  
  6bd01e0e132d8636a63b62930e8934b2388ce9bd9eab5799d979604d79d19553
- SHA512
  
  98e8c95a1bde23f4ad831ac696e9a6d394355d30ed550403f69c6cad04620b33df2a27433d5aa1b92079550720e08ed2b8064d849ab61299e687125853a99d17
- SSDEEP
  
  1536:RnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxx:RGs8cd8eXlYairZYqMddH13x
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan