seon

General

Target

00d109a581d9757f77f149aa0766398946a4a4c82dfe7fb85435c784faa93a3b
Size

150KB
Sample

220524-n6pazacgfq
MD5

dcabfb6eb919767fa14b71f2bfdcbe00
SHA1

c598d24b226f8188924f6e34f1aa86e890c64229
SHA256

00d109a581d9757f77f149aa0766398946a4a4c82dfe7fb85435c784faa93a3b
SHA512

d06fa847be6f4f48413200d0a1d21f271cff464e975b8687308cda9bf4a2bcd522f3b9c511465f6cd24f37a05bc322545504b138437f673307dda4c6dcb9f871

Score

10^/10

Malware Config

Extracted

Path

C:\Users\Admin\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/wjDgEumz http://goldeny4vs3nyoht.onion/wjDgEumz 3. Enter your personal decryption code there: wjDgEumzYZPnJhkjLiEd8zqaz8sggxcyupBUjkpyeKfgRwbNsVK3G6gjww62zVxoquZqBUqymn11FRuecf2mgEA5DJHfaQJB

URLs

http://golden5a4eqranh7.onion/wjDgEumz

http://goldeny4vs3nyoht.onion/wjDgEumz

Extracted

Path

C:\Users\Admin\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note

You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/pR3XdmDW http://goldeny4vs3nyoht.onion/pR3XdmDW 3. Enter your personal decryption code there: pR3XdmDWvRvn4wuzfZG8eDzXyhJv5nEaD5NG5PVKtrFK3e1DjVVgaUJ7nvmPVqcZPsXhuiskQ9YhRsN53CdG23qVQ9ZhLnbx

URLs

http://golden5a4eqranh7.onion/pR3XdmDW

http://goldeny4vs3nyoht.onion/pR3XdmDW

Targets

- Target
  
  00d109a581d9757f77f149aa0766398946a4a4c82dfe7fb85435c784faa93a3b
- Size
  
  150KB
- MD5
  
  dcabfb6eb919767fa14b71f2bfdcbe00
- SHA1
  
  c598d24b226f8188924f6e34f1aa86e890c64229
- SHA256
  
  00d109a581d9757f77f149aa0766398946a4a4c82dfe7fb85435c784faa93a3b
- SHA512
  
  d06fa847be6f4f48413200d0a1d21f271cff464e975b8687308cda9bf4a2bcd522f3b9c511465f6cd24f37a05bc322545504b138437f673307dda4c6dcb9f871
Score

10^/10

seon ransomware spyware stealer trojan
- Seon
  The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
  trojan ransomware seon
- Executes dropped EXE
- Modifies extensions of user files
  Ransomware generally changes the extension on encrypted files.
  ransomware
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Extracted

Targets

Executes dropped EXE

Modifies extensions of user files

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2