neconyd | 1a44491707c45f4f2c40c4796c8eee537267e1a55d9e93e1445f1bb350bd6263 | Triage

Sharing

General

Target

1a44491707c45f4f2c40c4796c8eee537267e1a55d9e93e1445f1bb350bd6263N.exe
Size

96KB
Sample

250205-l851dstlar
MD5

c05aa5ddaa2ad216812b20ac9263b4f0
SHA1

317ba3deee0e68f8396530f2bbb9cc4bcb069291
SHA256

1a44491707c45f4f2c40c4796c8eee537267e1a55d9e93e1445f1bb350bd6263
SHA512

c433489214638bc0b612bcf3fb7a8e067ec3243b48b0ec5bd98550b63db7e52c068d493c002f925b36d35f88d700718cbb7b50cb29dba81801a7eb7b5ffad5ac
SSDEEP

1536:nnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:nGs8cd8eXlYairZYqMddH13L

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  1a44491707c45f4f2c40c4796c8eee537267e1a55d9e93e1445f1bb350bd6263N.exe
- Size
  
  96KB
- MD5
  
  c05aa5ddaa2ad216812b20ac9263b4f0
- SHA1
  
  317ba3deee0e68f8396530f2bbb9cc4bcb069291
- SHA256
  
  1a44491707c45f4f2c40c4796c8eee537267e1a55d9e93e1445f1bb350bd6263
- SHA512
  
  c433489214638bc0b612bcf3fb7a8e067ec3243b48b0ec5bd98550b63db7e52c068d493c002f925b36d35f88d700718cbb7b50cb29dba81801a7eb7b5ffad5ac
- SSDEEP
  
  1536:nnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxL:nGs8cd8eXlYairZYqMddH13L
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan