General

  • Target

    2025-07-02_b7ef70e4a12268c2e2c36da4b6918cb0_amadey_elex_rhadamanthys_smoke-loader_stop

  • Size

    134KB

  • Sample

    250702-xg6cmahr61

  • MD5

    b7ef70e4a12268c2e2c36da4b6918cb0

  • SHA1

    d5ae3e6ae3e9445be2f2075f35016adffcc09f55

  • SHA256

    1adbe57101136dead95e834745ed29637082072c1b4d7cff5b5dc281207fb520

  • SHA512

    62a447c433920486a80fb9175757efae9ef8281b3474aa7d90614062ca0fdd419f7ef00f26e0c3bddb32f78fcee22829484f461e3b791e7d830c722f23032843

  • SSDEEP

    1536:zDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCid:/iRTeH0iqAW6J6f1tqF6dngNmaZCiaI

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
