neconyd | 0caa9c5b37c8bfa49576d4e3e9d739650f9f79b51519bb9840462bcb142430be | Triage

Sharing

General

Target

0caa9c5b37c8bfa49576d4e3e9d739650f9f79b51519bb9840462bcb142430beN.exe
Size

96KB
Sample

250201-r1g69awnfv
MD5

b9173234f4b162cbf72c6f313eb81810
SHA1

656b03c93268845cec34e5eeb82076163a166673
SHA256

0caa9c5b37c8bfa49576d4e3e9d739650f9f79b51519bb9840462bcb142430be
SHA512

858e49e6cf15c7675f620a2fd2d54bc84f33d635de8569fa9af810e7a2169c393a88e9a1548b285a118b269c7752214c6bc0411193797271b8badcb2d81390b0
SSDEEP

1536:MnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:MGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  0caa9c5b37c8bfa49576d4e3e9d739650f9f79b51519bb9840462bcb142430beN.exe
- Size
  
  96KB
- MD5
  
  b9173234f4b162cbf72c6f313eb81810
- SHA1
  
  656b03c93268845cec34e5eeb82076163a166673
- SHA256
  
  0caa9c5b37c8bfa49576d4e3e9d739650f9f79b51519bb9840462bcb142430be
- SHA512
  
  858e49e6cf15c7675f620a2fd2d54bc84f33d635de8569fa9af810e7a2169c393a88e9a1548b285a118b269c7752214c6bc0411193797271b8badcb2d81390b0
- SSDEEP
  
  1536:MnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:MGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan