neconyd | 8f9006f7a9e06b1e6b6d1781f5beb5c836f9c079b3f1197109b101090921ecd9 | Triage

Sharing

General

Target

8f9006f7a9e06b1e6b6d1781f5beb5c836f9c079b3f1197109b101090921ecd9.exe
Size

96KB
Sample

250205-n8wstsxjhq
MD5

20f598dc0670e96b74bbb6459acecb7a
SHA1

0b5408761377fc586bab392f277ccb345b863e31
SHA256

8f9006f7a9e06b1e6b6d1781f5beb5c836f9c079b3f1197109b101090921ecd9
SHA512

66205064f7ce794dc7fdd0fa58b128f411be9505203bb504b340ededd06f3e00df37732affd3ae2fc9609f1ee9b69440aaa52e8f9908d7d26c7bf0572505b7af
SSDEEP

1536:pnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxT:pGs8cd8eXlYairZYqMddH13T

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  8f9006f7a9e06b1e6b6d1781f5beb5c836f9c079b3f1197109b101090921ecd9.exe
- Size
  
  96KB
- MD5
  
  20f598dc0670e96b74bbb6459acecb7a
- SHA1
  
  0b5408761377fc586bab392f277ccb345b863e31
- SHA256
  
  8f9006f7a9e06b1e6b6d1781f5beb5c836f9c079b3f1197109b101090921ecd9
- SHA512
  
  66205064f7ce794dc7fdd0fa58b128f411be9505203bb504b340ededd06f3e00df37732affd3ae2fc9609f1ee9b69440aaa52e8f9908d7d26c7bf0572505b7af
- SSDEEP
  
  1536:pnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxT:pGs8cd8eXlYairZYqMddH13T
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan