General
-
Target
NEAS.d8f76885ca9af651befe9d9e2d00d340_JC.exe
-
Size
173KB
-
Sample
231020-pdg7macc75
-
MD5
d8f76885ca9af651befe9d9e2d00d340
-
SHA1
2ce43bf640a3abe3d840ec77d6342c3c141bd74b
-
SHA256
4a4c61d929d49cd5fce4872754993a9bd570566ca2b16d114f3664d86e09eb50
-
SHA512
664d62084bf14b877fe97257c11aebbfaece26dd9053c190eda59bf25b9c01b5b97763a4d157946cdabdaaeecedb8f67c2e7b763190fbd973a342a50fa81b643
-
SSDEEP
3072:C9dUEfLpw3gCjYbUIazrdwheg+NrXJmT69qz5DcMP9vYw:C9d/w3gaYbUDzrA0dmT6SD/
Static task
static1
Behavioral task
behavioral1
Sample
NEAS.d8f76885ca9af651befe9d9e2d00d340_JC.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.d8f76885ca9af651befe9d9e2d00d340_JC.exe
Resource
win10v2004-20230915-en
Malware Config
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/uz6fMdRf
http://goldeny4vs3nyoht.onion/uz6fMdRf
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/s35o62cJ
http://goldeny4vs3nyoht.onion/s35o62cJ
Targets
-
-
Target
NEAS.d8f76885ca9af651befe9d9e2d00d340_JC.exe
-
Size
173KB
-
MD5
d8f76885ca9af651befe9d9e2d00d340
-
SHA1
2ce43bf640a3abe3d840ec77d6342c3c141bd74b
-
SHA256
4a4c61d929d49cd5fce4872754993a9bd570566ca2b16d114f3664d86e09eb50
-
SHA512
664d62084bf14b877fe97257c11aebbfaece26dd9053c190eda59bf25b9c01b5b97763a4d157946cdabdaaeecedb8f67c2e7b763190fbd973a342a50fa81b643
-
SSDEEP
3072:C9dUEfLpw3gCjYbUIazrdwheg+NrXJmT69qz5DcMP9vYw:C9d/w3gaYbUDzrA0dmT6SD/
Score10/10-
Seon
The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
-
Renames multiple (195) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (867) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-