Overview

overview

10

Static

static

3

56.exe

windows7-x64

10

56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1cdaa3c87b640f749452205df24cd3b9338dbfac5a2c73a96ea20f41e9a799e0

  • Size

    85KB

  • Sample

    240922-ke9k2szhqe

  • MD5

    5d8487a7c2c353006ad40886b6cd41a0

  • SHA1

    52fff7297a47cd9558f158117886236612c8be86

  • SHA256

    1cdaa3c87b640f749452205df24cd3b9338dbfac5a2c73a96ea20f41e9a799e0

  • SHA512

    fbe625a0c1d7b462f12b4d66acc52df622b3eb6293c549799b0daf95a907b0df292770d8456107a9b1cef5ff1434dde8659aa73715b9fc0cff0586b34e0ea8fc

  • SSDEEP

    1536:Sw6ovd79W0/sZPQ0gSI84xvDiubx6xkccjIe8JH3zra33jLkDAu98KqLQU:ooF7MtZPQteulscjIeWODLkzvq/

Score
10/10
seondiscoveryransomwarespywarestealertrojan

Malware Config

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/nSAgMYgN http://goldeny4vs3nyoht.onion/nSAgMYgN 3. Enter your personal decryption code there: nSAgMYgNiM1qioN5PV72bR7ADvzErAuNTAYpqjoqsvhH1u3sHPHHDgnsLRgBS4hUL3g5LErNkUTT8QdysS2WdinPB5GiAHo2
URLs

http://golden5a4eqranh7.onion/nSAgMYgN

http://goldeny4vs3nyoht.onion/nSAgMYgN

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/sTCXTykX http://goldeny4vs3nyoht.onion/sTCXTykX 3. Enter your personal decryption code there: sTCXTykX4suKWYkhXx5DfnE2SoveLasU7cCNtyNhdyAaXN8QHyuZ2WUTmDSQJHFGzc7uYZFr4ndYHwxf5iLEw1WNuWrWweP8
URLs

http://golden5a4eqranh7.onion/sTCXTykX

http://goldeny4vs3nyoht.onion/sTCXTykX

Targets

    • Target

      56

    • Size

      147KB

    • MD5

      691bc42ad3905fa13d1f088e1aaf07c8

    • SHA1

      4747422f504a5b8638a53255905bc759316cdf45

    • SHA256

      640d57062a58daf8cde747d115085e323923d5f297fe6e76960c0953a1c75139

    • SHA512

      18ec42ef13042539460e20f339a0495c1d87ff3764476fd5dd53197788df4a233879a9c8f709a89915a0f9bca46a3af85cd7b0b7426c2f89620b10ffee506431

    • SSDEEP

      3072:U9dUEfLpw3gCidSMFztbGw9Pz5DHrN+Ch:U9d/w3gN/pZH

    Score
    10/10
    seondiscoveryransomwarespywarestealertrojan

    • Seon

      The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.

      trojanransomwareseon

    • Renames multiple (254) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

      ransomware

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks