neconyd | a661df1f7438dac5d67caccb49ad394bed40737bff41cfd73c167c0070aff94d | Triage

Sharing

General

Target

a661df1f7438dac5d67caccb49ad394bed40737bff41cfd73c167c0070aff94d.exe
Size

96KB
Sample

250225-banncazm15
MD5

b2ff87546ca464dc1f535d7794c2e568
SHA1

c20292bd2d72021d41514e77880d27232c2f2065
SHA256

a661df1f7438dac5d67caccb49ad394bed40737bff41cfd73c167c0070aff94d
SHA512

24759c0481c8aedf1210054a5205bbabbb8c058706864fd268976fdfd4a6f4cf4180cddcd5b7b9cd5a508ea27a24d37c8fb502d70d12c0625af226fffe600725
SSDEEP

1536:xnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxJ:xGs8cd8eXlYairZYqMddH13J

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  a661df1f7438dac5d67caccb49ad394bed40737bff41cfd73c167c0070aff94d.exe
- Size
  
  96KB
- MD5
  
  b2ff87546ca464dc1f535d7794c2e568
- SHA1
  
  c20292bd2d72021d41514e77880d27232c2f2065
- SHA256
  
  a661df1f7438dac5d67caccb49ad394bed40737bff41cfd73c167c0070aff94d
- SHA512
  
  24759c0481c8aedf1210054a5205bbabbb8c058706864fd268976fdfd4a6f4cf4180cddcd5b7b9cd5a508ea27a24d37c8fb502d70d12c0625af226fffe600725
- SSDEEP
  
  1536:xnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxJ:xGs8cd8eXlYairZYqMddH13J
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan