chaos | s1[.]zip | Triage

Sharing

General

Target

s1.zip
Size

10KB
MD5

f5372ef3a32e4395385538a311f36d99
SHA1

f1cccf2ca7946dd7bd08a905bdead91aa22b19cb
SHA256

98df9c5905c1f8174e6f40869711bd658dc8f9724f81f1ede67a2cfd7595f85c
SHA512

ff6ecdbe0d7ca2f609c7207cc4c3243252cca9e313bec59ff9f2c115c4d0d41442567e7cfc5a143a19c7e6039f46cdbfbdaa8fcd5e3ef94af460f40e83fe70b3
SSDEEP

192:eUIjpRQ71btxDwf5sLnnlyr6Cugo2AbWHqielbLlxpJSz+viocVO/fEm053:Rz7qcyr61OYYqNb3ijOnEHV

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/chaos-lab3-MALWARE.exe	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/chaos-lab3-MALWARE.exe

Files

s1.zip
.zip

Password: infected
chaos-lab3-MALWARE.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ