Behavioral task
behavioral1
Sample
26a599bebc163e77879f5584b411a51330e24646437684fb1db2843f1ebb0396.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
26a599bebc163e77879f5584b411a51330e24646437684fb1db2843f1ebb0396.exe
Resource
win10v2004-20231215-en
General
Target
26a599bebc163e77879f5584b411a51330e24646437684fb1db2843f1ebb0396.exe
Size
26KB
MD5
645335f325dd8f4ad6e4ddc425aa98fd
SHA1
ee9896ddd493a611da0dee2a99140c62ad40da27
SHA256
d9bbff4fb40045f6c61dd1bd8f3e52f0e2624cb536f90615858a6e11e0cf8a5f
SHA512
dcfbaa599a507f15a0f8a8e38fe0c8f9045e92078564d6f5426a38ecd00346e66dc665b4e7ca2593836cd63f1d6405bbe4b608cad63cf23103c8c832773a53c1
SSDEEP
384:qYenjLLAps4T5lBavzb/xlhKOVp91Q+b5hxDGe:5OElB6sc9G+bXxDJ
Malware Config
Signatures
Chaos Ransomware 1 IoCs
resource yara_rule sample family_chaos -
Chaos family
Detects command variations typically used by ransomware 1 IoCs
resource yara_rule sample INDICATOR_SUSPICIOUS_GENRansomware -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 26a599bebc163e77879f5584b411a51330e24646437684fb1db2843f1ebb0396.exe
Files
26a599bebc163e77879f5584b411a51330e24646437684fb1db2843f1ebb0396.exe.exe windows:4 windows x86 arch:x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ