neconyd | 4d903b2dd7a4768a983bad3b1a0ed133bf9fcd4edac3d64a332a506fa8e5aa78 | Triage

Sharing

General

Target

4d903b2dd7a4768a983bad3b1a0ed133bf9fcd4edac3d64a332a506fa8e5aa78
Size

96KB
Sample

250306-bjkm2styaz
MD5

396e47fc5dbbce9771dd3775523d0c1c
SHA1

48a4015e038bbd575f3ed78d275053e2181b7d9f
SHA256

4d903b2dd7a4768a983bad3b1a0ed133bf9fcd4edac3d64a332a506fa8e5aa78
SHA512

f9ccadfa8a3aa606798dd265150cd2cd001ec5211e390626b84f3f6876236427cf42b9526c9383c13f1a8ccddb1f13ead46aeff3b1339b5678adaeb680f8c5fd
SSDEEP

1536:JnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxR:JGs8cd8eXlYairZYqMddH13R

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  4d903b2dd7a4768a983bad3b1a0ed133bf9fcd4edac3d64a332a506fa8e5aa78
- Size
  
  96KB
- MD5
  
  396e47fc5dbbce9771dd3775523d0c1c
- SHA1
  
  48a4015e038bbd575f3ed78d275053e2181b7d9f
- SHA256
  
  4d903b2dd7a4768a983bad3b1a0ed133bf9fcd4edac3d64a332a506fa8e5aa78
- SHA512
  
  f9ccadfa8a3aa606798dd265150cd2cd001ec5211e390626b84f3f6876236427cf42b9526c9383c13f1a8ccddb1f13ead46aeff3b1339b5678adaeb680f8c5fd
- SSDEEP
  
  1536:JnAHcBbLmdvduLd8IDiaP/8A68YaiIv2RwEYqlwi+BzdAeV9b5ADbyxxR:JGs8cd8eXlYairZYqMddH13R
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan

behavioral2

neconyddiscoverytrojan