chaos | BuilderChaosRansomware[.]exe[.]zip | Triage

Resubmissions

01/04/2025, 18:11

250401-wssegawl13 10

01/04/2025, 18:09

250401-wrkm8sttcv 10

Sharing

General

Target

BuilderChaosRansomware.exe.zip
Size

130KB
MD5

5177d03af6a5c1583413fc4d6ea458d0
SHA1

5a642ea930b54e3c755026387e57cc265e3a390a
SHA256

c5471f41e0c89986dabada8d25452654d821864cce6d7f630031ac2f53230bc8
SHA512

9999c904ed4df1e980dd2f7ad2a72eb3b15ab70f140b03b9f58b193fac0cc104f146be8a247f050eb6d3830c3b9ad357e8c1651350cf2c3ab8f94baabac777f7
SSDEEP

3072:jUZoI+leQPflYHFf5rSuvgQ/Ur3VLx0wWxIqMTFG1gZ6VY:jjIO/YHJ9rg1rF9Bjg6QVY

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
static1/unpack001/BuilderChaosRansomware.exe.bin	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BuilderChaosRansomware.exe.bin

Files

BuilderChaosRansomware.exe.zip
.zip

Password: infected
BuilderChaosRansomware.exe.bin
.exe windows:4 windows x86 arch:x86

Password: infected

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\User\Desktop\builder\CustomWindowsForm\obj\Debug\Chaos Ransomware Builder v4.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 429KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ