General
-
Target
2dbea739ec5c54b1a3bcebcd138d50be_JaffaCakes118
-
Size
78KB
-
Sample
240708-zk3f9azgrb
-
MD5
2dbea739ec5c54b1a3bcebcd138d50be
-
SHA1
8983c117646ced45f438e7b5e862e3a4c725edca
-
SHA256
5b60c68944368c9b21e4333f3f289152f15e69ce2a4ff387fb7a0005cb990bfb
-
SHA512
0027b04b3f7fa337e7956ac226fd34c7344d0c7a2a32ae58fe730870b7e812a098a3fe713d5fdcf0d797254d4497d3e2511ed09227d308fa671231c0f0f047e4
-
SSDEEP
1536:JtUknV9M6+ygXCNoNGtmFWZPhV8owtnMQPo9NSw249gdhwA2jeddm0cW:VCygXkoNGtmQZ5wbAzSm9gdhj2aI0cW
Malware Config
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/xAKLXWQm
http://goldeny4vs3nyoht.onion/xAKLXWQm
Extracted
C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT
http://golden5a4eqranh7.onion/pf3zApGB
http://goldeny4vs3nyoht.onion/pf3zApGB
Targets
-
-
Target
2dbea739ec5c54b1a3bcebcd138d50be_JaffaCakes118
-
Size
78KB
-
MD5
2dbea739ec5c54b1a3bcebcd138d50be
-
SHA1
8983c117646ced45f438e7b5e862e3a4c725edca
-
SHA256
5b60c68944368c9b21e4333f3f289152f15e69ce2a4ff387fb7a0005cb990bfb
-
SHA512
0027b04b3f7fa337e7956ac226fd34c7344d0c7a2a32ae58fe730870b7e812a098a3fe713d5fdcf0d797254d4497d3e2511ed09227d308fa671231c0f0f047e4
-
SSDEEP
1536:JtUknV9M6+ygXCNoNGtmFWZPhV8owtnMQPo9NSw249gdhwA2jeddm0cW:VCygXkoNGtmQZ5wbAzSm9gdhj2aI0cW
Score10/10-
Seon
The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.
-
Renames multiple (244) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-