chaos | PrivateChat[.]exe | Triage

Sharing

General

Target

PrivateChat.exe
Size

120KB
MD5

5d4c5f3457c4487fe26df768ed8f3d2b
SHA1

f5f3df7d11e06dc158ac8183a8bde5895f8ea251
SHA256

19c393a4787d325984d850d8f02db1f302819b808952f72c332251d5d95f7c32
SHA512

793b8917ad068b77bcc7d771a28069ac432cfb441438e1a1f159fe94cbb2aa550fb2cc47d7354e30275ce2df402774902c987ad9b9be900f3748281f13a30e9a
SSDEEP

3072:QoIcFr9LvJxaJ3e6ua0g0qcB2f/u80kcmU/C7eJBz4Jtu:dr9LvkbOqguxU6f4

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
PrivateChat.exe

Files

PrivateChat.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ