chaos | 250218-vrw6lavjbq_pw_infected[.]zip | Triage

Resubmissions

19-02-2025 03:41

250219-d8y8vawnam 10

Sharing

General

Target

250218-vrw6lavjbq_pw_infected.zip
Size

25KB
MD5

1ff4b8d111332d6819989d6ebab7bd9e
SHA1

9e5e6af9911ce01fe3bdda8ffd8c1f46183ae364
SHA256

9185a41647a1d171c8a14b8be04bfafa6bba600aedc4bddd8a6a66dcc1d38d80
SHA512

922cb608ddd500dc195925376d1103ba73ab8ae8a4812c45934f843a3260708a2c80f8beac59cd68ffed7c35202750f73c3ba2cdf6942c0e2450d71ff13671da
SSDEEP

384:9ml0tSc21DWjIhZ2dWN9qQxMT1Fzzi9ZNEj8p4tunReXeyw7BLirtfux:AlUShDl2U9qQ4zi9Z4Q4xZeLat0

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/YashmaClients.exe	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/YashmaClients.exe

Files

250218-vrw6lavjbq_pw_infected.zip
.zip

Password: infected
YashmaClients.exe
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ