chaos | FridayBoycrazy123[.]exe | Triage

Sharing

General

Target

FridayBoycrazy123.exe
Size

279KB
MD5

8f34508c833a7f2d6bd306fbe5e90086
SHA1

d04dd0fca1c332112fa8261f55638e268ba941a9
SHA256

f3bfcddc0c2f5a2842ee4cf114783a3ab3c44cde03892ed71b31ec2564cd2041
SHA512

056b1ee68c9f9de9f5ec92d8a20fb01ba66d2cf2a61523ff492f6489c142dbcb81828f8b938a3f6dfb2dd2cc9b1ad245c495070b3a2250f410b81ca4381fb372
SSDEEP

6144:iFr9SiyJ7/+WZT1kRnSeXSX9MNzxiMwP2OswI:CyJ7/+Wd1kRnFX4mNzxyeOswI

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FridayBoycrazy123.exe

Files

FridayBoycrazy123.exe
.exe windows:4 windows x86 arch:x86

Password: evilsnake69

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 276KB - Virtual size: 276KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ