neconyd | 5a57669cb81019638f17dcfe825749fe1277461b4d4d92b1a7bc9faf245e5410 | Triage

Sharing

General

Target

5a57669cb81019638f17dcfe825749fe1277461b4d4d92b1a7bc9faf245e5410
Size

134KB
Sample

250224-3nf9zavls9
MD5

a88cc43e7e4236446263ecb5e5a16d18
SHA1

5caae4d5c818b727aafb9c75a738be3d53389966
SHA256

5a57669cb81019638f17dcfe825749fe1277461b4d4d92b1a7bc9faf245e5410
SHA512

c72ef42c477ee9a1275d61126e64b0d7d2d6e81c390233c12ba42b6ed3bf9e1a2a7e46edf09a4bf2c1c61bc0bc62afb8e7f6b60cb407f03a7c05cd5736c04647
SSDEEP

1536:XDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCiP:ziRTeH0iqAW6J6f1tqF6dngNmaZCiaI

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  5a57669cb81019638f17dcfe825749fe1277461b4d4d92b1a7bc9faf245e5410
- Size
  
  134KB
- MD5
  
  a88cc43e7e4236446263ecb5e5a16d18
- SHA1
  
  5caae4d5c818b727aafb9c75a738be3d53389966
- SHA256
  
  5a57669cb81019638f17dcfe825749fe1277461b4d4d92b1a7bc9faf245e5410
- SHA512
  
  c72ef42c477ee9a1275d61126e64b0d7d2d6e81c390233c12ba42b6ed3bf9e1a2a7e46edf09a4bf2c1c61bc0bc62afb8e7f6b60cb407f03a7c05cd5736c04647
- SSDEEP
  
  1536:XDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCiP:ziRTeH0iqAW6J6f1tqF6dngNmaZCiaI
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan