seon

General

Target

3d8c03ffa5fb4a6eef11b131a267b2208193f531fd1d0d2cabc392852e9e5289
Size

147KB
Sample

210516-3ctpf6g92s
MD5

b9426017b811a9d3f54171882c63535e
SHA1

dd8ff3a8521f910b31214e08ee438addeae22358
SHA256

3d8c03ffa5fb4a6eef11b131a267b2208193f531fd1d0d2cabc392852e9e5289
SHA512

d92b5e14f2095bccafafbb6d2fc3c0a1140bc5ac729c1dbe06d31180ed6f6fd326b77f7cf1a91778db7cfee1058d1cd127d44700d541f4eedb7c5e3559e4e06e

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/uSDebUhP http://goldeny4vs3nyoht.onion/uSDebUhP 3. Enter your personal decryption code there: uSDebUhPE8LYDURwVBdC5kttThPJCSuKXSAtpp6Qwaq4bstisz46cuxRW6VixdQ9Kbge2SJzPf1gGSukAC2dzWPMHXUDp7V2

URLs

http://golden5a4eqranh7.onion/uSDebUhP

http://goldeny4vs3nyoht.onion/uSDebUhP

Extracted

Path

C:\Users\Admin\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/nRhAUTwV http://goldeny4vs3nyoht.onion/nRhAUTwV 3. Enter your personal decryption code there: nRhAUTwVji9RGo5msXVKerinVL2ajVzQtPqUbVHtsuvXshv3ovLyfDUEbXSJRU5yaS5x2R2q7J1z4pZXHgHBvpDXA3CxudXf

URLs

http://golden5a4eqranh7.onion/nRhAUTwV

http://goldeny4vs3nyoht.onion/nRhAUTwV

Targets

- Target
  
  3d8c03ffa5fb4a6eef11b131a267b2208193f531fd1d0d2cabc392852e9e5289
- Size
  
  147KB
- MD5
  
  b9426017b811a9d3f54171882c63535e
- SHA1
  
  dd8ff3a8521f910b31214e08ee438addeae22358
- SHA256
  
  3d8c03ffa5fb4a6eef11b131a267b2208193f531fd1d0d2cabc392852e9e5289
- SHA512
  
  d92b5e14f2095bccafafbb6d2fc3c0a1140bc5ac729c1dbe06d31180ed6f6fd326b77f7cf1a91778db7cfee1058d1cd127d44700d541f4eedb7c5e3559e4e06e
Score

10^/10

seon ransomware spyware stealer trojan
- Seon
  The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
  trojan ransomware seon
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Modifies extensions of user files

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2