chaos | YashmaClients[.]exe | Triage

Sharing

General

Target

YashmaClients.exe
Size

129KB
MD5

15fba1967c6bcd09520811dfe34a159b
SHA1

dec383511b8f764f3222798586ee22f0fda0331c
SHA256

a83e19610aa006d4789bb38e18b609538befb16a1df30e1205e0c38aeda089e4
SHA512

f2990e7c548f0bb18e84aeff62a38ce5d97046b44313dfda948d51efe4eac7c855b71437b57cb2e9f48453a27570559c3d6ab8349be1fdbaac44b2ef79f9dc59
SSDEEP

768:x7zxAmU2NJ1KQxJPho9aT3e82hQfMCwRhOF15utoS:xND3x7Pq9m3ZsA/wCFLS

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
YashmaClients.exe

Files

YashmaClients.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ