General

  • Target

    2025-07-02_b605fbc7a11d3e1b799e6980118313ed_amadey_elex_rhadamanthys_smoke-loader_stop

  • Size

    134KB

  • Sample

    250702-xgv7nazvex

  • MD5

    b605fbc7a11d3e1b799e6980118313ed

  • SHA1

    1bcb8685cbe83507323a269c0ac47fc72264e9d7

  • SHA256

    8c38c395be0daf5c90ffd44263af56a2d5fa0d109dd03fbca087ad6f976c1f3f

  • SHA512

    99ef6ca59efd0ab33cb7727bb5615fb4278e3f2de7af2141a7bd668cde89690f87335071e3d24ca283f7479b2ee1a4a9e8f394752c80ff6d1c4174063239e8dd

  • SSDEEP

    1536:oDfDbhERTatPLTH0iqNZg3mqKv6y0RrwFd1tSEsF27da6ZW72Foj/MqMabadwCia:OiRTeH0iqAW6J6f1tqF6dngNmaZCia

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Targets

    • Neconyd

      Neconyd is a trojan written in C++.

    • Neconyd family

    • Executes dropped EXE

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext
