General

  • Target: ec4f0c6f7901565b034991547d42de6f8afd71695fd28a15a4199e72575a8b0f.exe

  • Size: 79KB

  • Sample: 250205-tkyv6svrgl

  • MD5: 7d578c616e075d7c5b1939a5a00a5b3d

  • SHA1: 548b72daea1294f665a6bcebcb7e8b274fb7a8a5

  • SHA256: ec4f0c6f7901565b034991547d42de6f8afd71695fd28a15a4199e72575a8b0f

  • SHA512: 0f9e5c7dd126b3b48e596247a053f6896f4d38ac4812d908cf87c9df592b02960e4ce6a6ab82854f920c46f9c4543e8b17c785bf469b5b71623af2616329e65d

  • SSDEEP: 1536:/tUknV9M6+ygXCNoNGtmFWZPhV8owtnMQPo9NSw249gdhwA2jeddCL:fCygXkoNGtmQZ5wbAzSm9gdhj2aML

Malware Config

Extracted

Path: C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note:
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/nU6bstiu http://goldeny4vs3nyoht.onion/nU6bstiu 3. Enter your personal decryption code there: nU6bstiuJqXzkMs6Bg9nTS8x4HJbpaKHtmACqa5dcqMV1uMTVZPJ6Jk3UuUhBr1b4tAn5gigpacSf5dy9mwVRxBjfgB52kda
URLs

http://golden5a4eqranh7.onion/nU6bstiu

http://goldeny4vs3nyoht.onion/nU6bstiu

Extracted

Path: C:\Users\Public\YOUR_FILES_ARE_ENCRYPTED.TXT

Ransom Note:
You became victim of the GOLDENEYE RANSOMWARE! The files on your computer have been encrypted with an military grade encryption algorithm. There is no way to restore your data without a special key. You can purchase this key on the darknet page shown in step 2. To purchase your key and restore your data, please follow these three easy steps: 1. Download the Tor Browser at "https://www.torproject.org/". If you need help, please google for "access onion page". 2. Visit one of the following pages with the Tor Browser: http://golden5a4eqranh7.onion/t3oeuyY8 http://goldeny4vs3nyoht.onion/t3oeuyY8 3. Enter your personal decryption code there: t3oeuyY84dxqQZaPLW4pkNsEGzSU2j5m9yhmzVRjXkxRgZuhjWeqtrCzvmrxLR8axM7Uf8hckHEQYWUe6EwfQD7nfRDpKTma
URLs

http://golden5a4eqranh7.onion/t3oeuyY8

http://goldeny4vs3nyoht.onion/t3oeuyY8

Targets

    • Seon

      The Seon Ransomware is an encryption ransomware Trojan first observed on November 14, 2018.

    • Seon family

    • Renames multiple (262) files with added filename extension

      This suggests ransomware activity of encrypting all the files on the system.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

MITRE ATT&CK Enterprise v15

Tasks