seon

General

Target

2b71bdf234f7031f5ddec877413081be39f01241595c4781798f850598b7965b
Size

80KB
Sample

210516-225r2ahygn
MD5

c6c826418defa98a9da4d42922f05ff5
SHA1

56dfab44b3cbdb510a6c5c439466a18100456dc5
SHA256

2b71bdf234f7031f5ddec877413081be39f01241595c4781798f850598b7965b
SHA512

fda229805746c60dd38b3d9c8be2f2e0e4585bb5e585217660cfbbb5a5952581908e4031b34d3e47bebac2df951710274d1b4ada59474582961cb326281d5d60

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/rKvSZU2H http://goldeny4vs3nyoht.onion/rKvSZU2H 3. Enter your personal decryption code there: rKvSZU2H1Swp7LKoCXDMGWJNwWGzbJYmr1V8Zt5Kv6xU3x1cdQgxDFvk5H9enNyXdH1M6qC9f56Qk65KQxzuC9Xe1CFHJ4LC

URLs

http://golden5a4eqranh7.onion/rKvSZU2H

http://goldeny4vs3nyoht.onion/rKvSZU2H

Extracted

Path

C:\Users\Admin\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/oczcz5Ex http://goldeny4vs3nyoht.onion/oczcz5Ex 3. Enter your personal decryption code there: oczcz5ExSzrUhDDRorNpemSrZXoTe2fUKqV8AU1xVuDnvnG2ZpmcURRDdsP19fNoLQYaUGSrjxq9HbkybKrWFd3icU9eMCKH

URLs

http://golden5a4eqranh7.onion/oczcz5Ex

http://goldeny4vs3nyoht.onion/oczcz5Ex

Targets

- Target
  
  2b71bdf234f7031f5ddec877413081be39f01241595c4781798f850598b7965b
- Size
  
  80KB
- MD5
  
  c6c826418defa98a9da4d42922f05ff5
- SHA1
  
  56dfab44b3cbdb510a6c5c439466a18100456dc5
- SHA256
  
  2b71bdf234f7031f5ddec877413081be39f01241595c4781798f850598b7965b
- SHA512
  
  fda229805746c60dd38b3d9c8be2f2e0e4585bb5e585217660cfbbb5a5952581908e4031b34d3e47bebac2df951710274d1b4ada59474582961cb326281d5d60
Score

10^/10

seon ransomware spyware stealer trojan
- Seon
  The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
  trojan ransomware seon
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Process Discovery

1

T1057

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2