neconyd | 80bc785db01bf1399053f97e4f8bf368c2c177be243c33bccd2091df55ae2e52 | Triage

Sharing

General

Target

JaffaCakes118_0ff481dcf160a2df65900a40f319a840
Size

128KB
Sample

250221-d27lmsslap
MD5

0ff481dcf160a2df65900a40f319a840
SHA1

ce00bb90c9b36333b521981a7a03ac01a21be2d3
SHA256

80bc785db01bf1399053f97e4f8bf368c2c177be243c33bccd2091df55ae2e52
SHA512

e1d02bfcb7a53097439dd519804fed1fa7efab881ba56470daaf8b2b66ef1204d72b1e4feec77506a080b197c58a53626e9ae7a320c756d933f94831e8731c45
SSDEEP

1536:3DfDbhERTatPLTLLbC+8BMNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabau:TiRTe3n8BMAW6J6f1tqF6dngNmaZrN

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  JaffaCakes118_0ff481dcf160a2df65900a40f319a840
- Size
  
  128KB
- MD5
  
  0ff481dcf160a2df65900a40f319a840
- SHA1
  
  ce00bb90c9b36333b521981a7a03ac01a21be2d3
- SHA256
  
  80bc785db01bf1399053f97e4f8bf368c2c177be243c33bccd2091df55ae2e52
- SHA512
  
  e1d02bfcb7a53097439dd519804fed1fa7efab881ba56470daaf8b2b66ef1204d72b1e4feec77506a080b197c58a53626e9ae7a320c756d933f94831e8731c45
- SSDEEP
  
  1536:3DfDbhERTatPLTLLbC+8BMNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabau:TiRTe3n8BMAW6J6f1tqF6dngNmaZrN
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan