General

  • Target

    c900f2a4119484877f293c23124cb8766f6015a2f0afa2616af5230ce1bc91df.exe

  • Size

    96KB

  • Sample

    250201-qfm2bstkdx

  • MD5

    640036c324b6763e3397bdc9d5065426

  • SHA1

    cb5ef36508ef3ecd646a80375141bc7379677a7e

  • SHA256

    c900f2a4119484877f293c23124cb8766f6015a2f0afa2616af5230ce1bc91df

  • SHA512

    e75a5e9d79d5df89f113a4d2ac5fba0d16dc201944e4dd0a6d440f4b569512dad11eaf57382569691aa307e8d85ce4acaf67c379a8524f20aa0ff319ee06cc35

  • SSDEEP

    1536:MnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxp:MGs8cd8eXlYairZYqMddH13p

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Target

      c900f2a4119484877f293c23124cb8766f6015a2f0afa2616af5230ce1bc91df.exe

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Loads dropped DLL

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
