chaos | pack[.]rar

Sharing

Copy URL

Twitter E-mail

General

Target

pack.rar
Size

50KB
MD5

e577756b47b67d68f13887db3739768d
SHA1

5732244c1029a30c2f915c546e1de551c45a06aa
SHA256

71bfe1f26a98e152344fe5687db229da90e9ba8475cb3804a78a0f46152ba0bf
SHA512

24807c2a544c97e977a18096225545828bcc070e036c3d5c1557d53471c4b0399d815df675be338aeed84c5d201274d394b6a64371eb4ab8a099da46040a50cb
SSDEEP

1536:UWMdgrnhBCmIpd1DFTjsPLXw9YC0RgK5dgt3:UWMdgrGzd5d4XaYC+FP4

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

Processes:

resource	yara_rule
static1/unpack001/pack/cho2.exe	family_chaos

Chaos family
chaos

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/pack/Decrypter.exe
unpack001/pack/cho2.exe

Files

pack.rar
.rar
pack/Decrypter.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\User\Desktop\decrypter\decrypter\obj\Debug\Chaos ransomware decrypter.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pack/cho2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pack/privateKey.chaos
.xml
pack/publicKey.chaos
.xml

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 97KB - Virtual size: 97KB

.rsrc Size: 120KB - Virtual size: 119KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 20KB - Virtual size: 19KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

.text
Size: 97KB - Virtual size: 97KB

.rsrc
Size: 120KB - Virtual size: 119KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 20KB - Virtual size: 19KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B