neconyd | b56f25dc932cb6b1f3276f2533b8093db250efbb8ecda5860b13c0f439a3bf42 | Triage

Sharing

General

Target

b56f25dc932cb6b1f3276f2533b8093db250efbb8ecda5860b13c0f439a3bf42
Size

134KB
Sample

250125-fyp9asxndw
MD5

98bc18d83207c88983f907562764918b
SHA1

ca02fb1d6c55cca9ec9353ab2a6c377109c1cd55
SHA256

b56f25dc932cb6b1f3276f2533b8093db250efbb8ecda5860b13c0f439a3bf42
SHA512

b6062b0ad9216c9a4a0763e8d5594b3f81f97da9343769c43d006e347803be595bdec05127b1e1a4a8dd162ce86c193a5bb2ba5ebefa90f616a1b38ecc0ab85e
SSDEEP

1536:HDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:jiRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  b56f25dc932cb6b1f3276f2533b8093db250efbb8ecda5860b13c0f439a3bf42
- Size
  
  134KB
- MD5
  
  98bc18d83207c88983f907562764918b
- SHA1
  
  ca02fb1d6c55cca9ec9353ab2a6c377109c1cd55
- SHA256
  
  b56f25dc932cb6b1f3276f2533b8093db250efbb8ecda5860b13c0f439a3bf42
- SHA512
  
  b6062b0ad9216c9a4a0763e8d5594b3f81f97da9343769c43d006e347803be595bdec05127b1e1a4a8dd162ce86c193a5bb2ba5ebefa90f616a1b38ecc0ab85e
- SSDEEP
  
  1536:HDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:jiRTeH0iqAW6J6f1tqF6dngNmaZCia
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan