neconyd | 01e054d2ebfe1d081e04db8d37225d68e463115911323c309ec8f6f4312056b5 | Triage

Sharing

General

Target

2025-04-06_5a05a07ec79fa7c837682e7c7d7c74fd_amadey_rhadamanthys_smoke-loader
Size

134KB
Sample

250406-z3ah7ayxf1
MD5

5a05a07ec79fa7c837682e7c7d7c74fd
SHA1

33ca9c1ab118729564f2d43ff9b5a51a328290be
SHA256

01e054d2ebfe1d081e04db8d37225d68e463115911323c309ec8f6f4312056b5
SHA512

24d6f951441edb11cf8b017d51114ef4998218a217e53cf89f94787063e380a14282da70919c765aef67aa43858240002cbf105d58fb572d1544e52b38a39d27
SSDEEP

1536:+DfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:giRTeH0iqAW6J6f1tqF6dngNmaZCia

Score

10^/10

neconyd discovery trojan

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

- Target
  
  2025-04-06_5a05a07ec79fa7c837682e7c7d7c74fd_amadey_rhadamanthys_smoke-loader
- Size
  
  134KB
- MD5
  
  5a05a07ec79fa7c837682e7c7d7c74fd
- SHA1
  
  33ca9c1ab118729564f2d43ff9b5a51a328290be
- SHA256
  
  01e054d2ebfe1d081e04db8d37225d68e463115911323c309ec8f6f4312056b5
- SHA512
  
  24d6f951441edb11cf8b017d51114ef4998218a217e53cf89f94787063e380a14282da70919c765aef67aa43858240002cbf105d58fb572d1544e52b38a39d27
- SSDEEP
  
  1536:+DfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:giRTeH0iqAW6J6f1tqF6dngNmaZCia
Score

10^/10

neconyd discovery trojan
- Neconyd
  Neconyd is a trojan written in C++.
  trojan neconyd
- Neconyd family
  neconyd
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

neconyddiscoverytrojan