neconyd | cd86ae248b4fdc7b93429dc926f941452378e66841c5f6a3cd5655891045d547 | Triage

Sharing

General

Target

cd86ae248b4fdc7b93429dc926f941452378e66841c5f6a3cd5655891045d547N.exe
Size

96KB
Sample

250201-wtlcjswmfk
MD5

b638a9c8e31dadeeb313a6e2358b3b70
SHA1

77bf3b34cd5aea0f032915216adcaf6df744543f
SHA256

cd86ae248b4fdc7b93429dc926f941452378e66841c5f6a3cd5655891045d547
SHA512

5bb242333346467d299ff477086d5c0975a7c9ce057eb4ae8c676ad1413dfc938c88a21d83549ad8bc0b2562da72ce4bd8fba2acf6c603954dc1e675581cc23d
SSDEEP

1536:unAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:uGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  cd86ae248b4fdc7b93429dc926f941452378e66841c5f6a3cd5655891045d547N.exe
- Size
  
  96KB
- MD5
  
  b638a9c8e31dadeeb313a6e2358b3b70
- SHA1
  
  77bf3b34cd5aea0f032915216adcaf6df744543f
- SHA256
  
  cd86ae248b4fdc7b93429dc926f941452378e66841c5f6a3cd5655891045d547
- SHA512
  
  5bb242333346467d299ff477086d5c0975a7c9ce057eb4ae8c676ad1413dfc938c88a21d83549ad8bc0b2562da72ce4bd8fba2acf6c603954dc1e675581cc23d
- SSDEEP
  
  1536:unAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:uGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan