chaos | Npcap[.]bin[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Npcap.bin.exe
Size

35KB
MD5

23591c81d46ac87baf52184f72d5f475
SHA1

11516bfd63450b217b38e916677e1346269e2d15
SHA256

52ff7007755e46d9c35c56a1e69a32d47611174cc77ab5d70ea01e75121d8915
SHA512

a078a482c953c95272b9b7622a5bc88365a95dc0d2079c1cfd27ba7f1868cb08b8b57542fa7b25dafe3406caf586e5a97846c4d09a3088a8c0bdf9c33a6de652
SSDEEP

384:/3Mg/bqo2ayPiQwwwHhVUpEkLOjHJar91CnIlnSimcowF4iyG9ZuGT3ammKb50ep:Zqo2GQD6UpPOjpar9FXH4eKGTBbeep

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Files

Npcap.bin.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ