chaos | 1[.]zip

Resubmissions

18-04-2024 16:18

240418-tr7fwsae6x 10

13-04-2024 06:33

240413-hbqbwseg9z 10

12-04-2024 09:47

240412-lr6klacd6s 10

Sharing

Copy URL

Twitter E-mail

General

Target

1.zip
Size

78KB
MD5

daa45aae87cc8834a9888bd6e0a78710
SHA1

d15bbaa19f1a2836b6e1ad7f21fcc1bb9933723f
SHA256

cac13216f258b46462a963e984a57d0b34fe53cde02b8190a8afb5e9119a9ca0
SHA512

caeb0599289089cc92076577edbf790b5bdc6694e9e86f1dc30e56e360cea62baaf63480f26343eac35a665df701ce9ab49554a8975997aba182241aa61ea9aa
SSDEEP

1536:RBhbXvb8hoJrhUH2vOAeocNo6BRCV/7FHcWZvQRXRsrgKlmx3D:R3vTrdOAMo5pKXRwlG

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/Antivirus.exe	family_chaos

Chaos family
chaos

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/Antivirus.exe
unpack001/decryptor-decrypter/Decrypter.exe

Files

1.zip
.zip
Antivirus.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decryptor-decrypter/Decrypter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\User\Desktop\v7\Decrypter\decrypter\obj\Debug\Yashma decrypter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
decryptor-decrypter/privateKey.yashma
.xml
decryptor-decrypter/publicKey.yashma
.xml

Resubmissions

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 108KB - Virtual size: 108KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 101KB - Virtual size: 101KB

.rsrc Size: 106KB - Virtual size: 106KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 108KB - Virtual size: 108KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 106KB - Virtual size: 106KB

.reloc
Size: 512B - Virtual size: 12B