General

  • Target

    7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797.exe

  • Size

    79KB

  • Sample

    250205-n471asvqcz

  • MD5

    0ebc107a0fb56d77759a635e9d043228

  • SHA1

    ec7a1e7132f5c3140ff06c542782388576a128f8

  • SHA256

    7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797

  • SHA512

    794eda52f2ff8b10518f59963ce6018b1b954a65bbe662d1b5db761f1ec9828cbdbcdff079fb39f08cf2ae151cdb3cc90c422501ace427637d20f502bffab9fe

  • SSDEEP

    1536:/tUknV9M6+ygXCNoNGtmFWZPhV8owtnMQPo9NSw249gdhwA2jeddMB:fCygXkoNGtmQZ5wbAzSm9gdhj2a6B

Malware Config

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/x4UXrJWs http://goldeny4vs3nyoht.onion/x4UXrJWs 3. Enter your personal decryption code there: x4UXrJWshfrokmc5akXWLzgaGFK5fbCxDFyMiQ9tP9jX1wH9eBmbhhHz9dnpeahbipA9fMcHEFj6UsQSoMwmfX73bwaqQ3w5
URLs

http://golden5a4eqranh7.onion/x4UXrJWs

http://goldeny4vs3nyoht.onion/x4UXrJWs

Extracted

Path

C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/wm9hbfMQ http://goldeny4vs3nyoht.onion/wm9hbfMQ 3. Enter your personal decryption code there: wm9hbfMQGEp7MNLmfg9yZFafHx6paDNq4WJQucipUvvpVzDnCqMqUT7JxGYZQvrX7quM888cQYfTnHpAk6DE3hz8Hk3P48Ph
URLs

http://golden5a4eqranh7.onion/wm9hbfMQ

http://goldeny4vs3nyoht.onion/wm9hbfMQ

Targets

    • Target

      7ba9adc6a0d487a4748d1a1474b07d359f4695d41841dfc920ff4eada910d797.exe

    • Seon

      The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.

    • Seon family

    • Renames multiple (235) files with added filename extension

      This behaviour is consistent with ransomware encrypting files across the system and appending an extension to each one.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive information.
