neconyd | 67b4cf272fd1e6b8830ce604a7921e3e69252de2f1dd39db2ccc8469ec80b747 | Triage

Sharing

General

Target

67b4cf272fd1e6b8830ce604a7921e3e69252de2f1dd39db2ccc8469ec80b747
Size

134KB
Sample

250220-bdh72avly5
MD5

85daa7472398d35b874a669f4201f993
SHA1

7bf5f409b59897d037f5e20f4e5e51ce3a115cca
SHA256

67b4cf272fd1e6b8830ce604a7921e3e69252de2f1dd39db2ccc8469ec80b747
SHA512

93d23c7755d857ae3e1bf3625ff3929d711155750f0aee657da6993d5a1167d617015c4172f26002167adbc307f6662c12f704b4bbdee6ad31fedf2153330395
SSDEEP

1536:oDDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCn:giRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  67b4cf272fd1e6b8830ce604a7921e3e69252de2f1dd39db2ccc8469ec80b747
- Size
  
  134KB
- MD5
  
  85daa7472398d35b874a669f4201f993
- SHA1
  
  7bf5f409b59897d037f5e20f4e5e51ce3a115cca
- SHA256
  
  67b4cf272fd1e6b8830ce604a7921e3e69252de2f1dd39db2ccc8469ec80b747
- SHA512
  
  93d23c7755d857ae3e1bf3625ff3929d711155750f0aee657da6993d5a1167d617015c4172f26002167adbc307f6662c12f704b4bbdee6ad31fedf2153330395
- SSDEEP
  
  1536:oDDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCn:giRTeH0iqAW6J6f1tqF6dngNmaZCia
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan