chaos | Chaos Ransomware Builder[.]e[.]7z | Triage

Sharing

General

Target

Chaos Ransomware Builder.e.7z
Size

59KB
MD5

5e2b47f10894800a2e330c6a08bb9499
SHA1

9a3cf458ec1a8372dd701128c73bc436201716ca
SHA256

0a9f4f0c2cb65e6fad3182af10ca77c78880e5672192be7ccc82d7b476808e7c
SHA512

5a2de60e6070f158cd53f40befbec825f3c37eeefe5fbe97b0f70fbff7c5eb9a6c6c2e7ca64ff0afc2a9165cd726d1511e6f3ca3da62a690b092aa4e01d66c73
SSDEEP

1536:5WkiXDiInIo37RGJ+iJJpDEGfXivXwWjfyE+DHPIRPvj/:Ukqn1FipDnadCPYr

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/BuilderChaosRansomware.e/Chaos Ransomware Builder v5.2.exe	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BuilderChaosRansomware.e/Chaos Ransomware Builder v5.2.exe

Files

Chaos Ransomware Builder.e.7z
.7z

Password: infected
BuilderChaosRansomware.e/Chaos Ransomware Builder v5.2.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\User\Desktop\5.2\Builder\CustomWindowsForm\obj\Debug\Chaos Ransomware Builder v5.2.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ