chaos | koala[.]exe | Triage

Sharing

General

Target

koala.exe
Size

16KB
MD5

607bf2b302c3941815dc159e356f06fd
SHA1

3d86bfc813a47dbede8f9420de418b2143e791e4
SHA256

f4967fd913dc43ba20eeda786ce3da4119df5d86b4536c3b68f44c2ed09e42bf
SHA512

1317171b290e0e0fc667d9b4210a34744e0b21416c56a7e56bc747851c6f1db375eb014b752ef304cd6527c5b288e49840ccf663b4a6e607afd1717653b095ea
SSDEEP

192:fXiJtJHunl2t90RGfWYQy3G8dcInaoVE66XwsXglbr5i7amDC/sBHvWjJ1T5Fx/X:fCul2tpOfGG2vn+wH87Tc8HuLTUX

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
koala.exe

Files

koala.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ