chaos | YashmaClient[.]exe | Triage

Sharing

General

Target

YashmaClient.exe
Size

130KB
MD5

6a5d6de74af2307b9ddb8e7e0a05aec3
SHA1

a9bb545b11c8b4415359fead7a92ea848f508530
SHA256

4e44d16e3c4274d3a49d8562299659b7177632e484ca7ba3c0d7a95bc44d686a
SHA512

bffc0eed72576ac2b0d68410db02d76369bd937d9a4767cc0edd021343cf8f0a81af9813cb0038726ff61ac274f81ae4144f3717148807ba5973b7103408f8f2
SSDEEP

768:w7zxAmCgnegjDho9Ws82FOfMCwRhOF15utoS:wNCRADq9W3cS/wCFLS

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
YashmaClient.exe

Files

YashmaClient.exe
.exe windows:4 windows x86 arch:x86

Password: 123

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ