General
-
Target
NEAS.d8f76885ca9af651befe9d9e2d00d340_JC.exe
-
Size
173KB
-
Sample
231020-vms85sed8t
-
MD5
d8f76885ca9af651befe9d9e2d00d340
-
SHA1
2ce43bf640a3abe3d840ec77d6342c3c141bd74b
-
SHA256
4a4c61d929d49cd5fce4872754993a9bd570566ca2b16d114f3664d86e09eb50
-
SHA512
664d62084bf14b877fe97257c11aebbfaece26dd9053c190eda59bf25b9c01b5b97763a4d157946cdabdaaeecedb8f67c2e7b763190fbd973a342a50fa81b643
-
SSDEEP
3072:C9dUEfLpw3gCjYbUIazrdwheg+NrXJmT69qz5DcMP9vYw:C9d/w3gaYbUDzrA0dmT6SD/
Malware Config
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/wXbEXz8v
http://goldeny4vs3nyoht.onion/wXbEXz8v
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/xQsN7xb9
http://goldeny4vs3nyoht.onion/xQsN7xb9
Targets
-
-
Target
NEAS.d8f76885ca9af651befe9d9e2d00d340_JC.exe
-
Size
173KB
-
MD5
d8f76885ca9af651befe9d9e2d00d340
-
SHA1
2ce43bf640a3abe3d840ec77d6342c3c141bd74b
-
SHA256
4a4c61d929d49cd5fce4872754993a9bd570566ca2b16d114f3664d86e09eb50
-
SHA512
664d62084bf14b877fe97257c11aebbfaece26dd9053c190eda59bf25b9c01b5b97763a4d157946cdabdaaeecedb8f67c2e7b763190fbd973a342a50fa81b643
-
SSDEEP
3072:C9dUEfLpw3gCjYbUIazrdwheg+NrXJmT69qz5DcMP9vYw:C9d/w3gaYbUDzrA0dmT6SD/
Score10/10-
Seon
The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
-
Renames multiple (197) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Renames multiple (736) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-