Overview

overview

10

Static

static

3

51.exe

windows7-x64

10

51.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fcb26e3dea2cafdd514a15ca4a21565254aa5e064a1fa580412f00c5c8005220

  • Size

    84KB

  • Sample

    240922-kdqrjszgkk

  • MD5

    dc6db2ed2f4f5b6d578b1e36733cf49f

  • SHA1

    ffb9a281f65f75da5dbc46f694f278926cae908e

  • SHA256

    fcb26e3dea2cafdd514a15ca4a21565254aa5e064a1fa580412f00c5c8005220

  • SHA512

    27bf234e934c70967fb0daccca8ba4656e60c14118982e8e78a8e118c57bcfbeeb15da03cd17679bd91c198843610c579f058da6a2e2165ca31ecd9933afaa42

  • SSDEEP

    1536:VKwvVmNG7k1XiI6LFIbyKrPK/pUuXGWggqxKC00Txdd06cm1ivcjPPYbbd9mu4Xx:zVmvXkMyKL6tXgHx80Tz66cm1wqKZ+6a

Score
10/10
seondiscoveryransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/rvXEVbLA http://goldeny4vs3nyoht.onion/rvXEVbLA 3. Enter your personal decryption code there: rvXEVbLA5CPmx4DcNaGRVV1cLzbPpUHCHjQ5Y1RwxDv99sShqu4fhTcE2geJePeEmEXJL1ey1DQ5sFqtN1LmhokHGcK6irXQ
URLs

http://golden5a4eqranh7.onion/rvXEVbLA

http://goldeny4vs3nyoht.onion/rvXEVbLA

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/uq5FqYsR http://goldeny4vs3nyoht.onion/uq5FqYsR 3. Enter your personal decryption code there: uq5FqYsRNgEsWKFcZ59oz68nwfFMH81Dg82egrmUK8iZNhvDuaZfVp6Z6zvNDj26wni9H1evj4fyWrZ473Xjzn7YWtR3NzGR
URLs

http://golden5a4eqranh7.onion/uq5FqYsR

http://goldeny4vs3nyoht.onion/uq5FqYsR

Targets

    • Target

      51

    • Size

      147KB

    • MD5

      171c41627cf09743d62c82b5ed02eadd

    • SHA1

      c7185b62b71c292aee70a4b482f3c0c530c1e7d5

    • SHA256

      9f345814f1c436cee84bfc91536dee4c85081f11f49cf5623708d77c76aea8d7

    • SHA512

      5e162774bd69a98acab13ad4b85a181e113e1afc015e629d6659c2dcfdfa3739948cf37f79bf78b60ca37daaf2b2f1e8239b4aaaa5fb4e2e508f1f64c525c7a2

    • SSDEEP

      3072:P9dUEfLpw3gCjYbUIazrdwheg+NrXJmT69dz5wkbar4b:P9d/w3gaYbUDzrA0dmT6LZ

    Score
    10/10
    seondiscoveryransomwarespywarestealertrojan

    • Seon

      The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.

      trojanransomwareseon

    • Renames multiple (235) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks