chaos | RansomewareBuilder[.]exe | Triage

Sharing

General

Target

RansomewareBuilder.exe
Size

5.4MB
MD5

e326e0bb654c0c28d1683c3f740e9a9d
SHA1

9c1cbd909ab5897532c11be445cf8384f71ee9b7
SHA256

aad594c4d58ad64350c4e9b4314dcf7fa5b8bb70eb41b0d20f6a0c49a058086c
SHA512

86c01e92a90ee6573e2f0e384191f0b4ee56ddb92ad9bd8023cbf86a4566d999d56e186eacdfc0ce6f0bb3c4960def13beacb067444a1a229ad7d58d81ba5f91
SSDEEP

49152:NuKIx29kk3sN2rEt/U964aKjSEvoYY+A2N:

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
RansomewareBuilder.exe

Files

RansomewareBuilder.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ