chaos | Catto[.]exe | Triage

Sharing

General

Target

Catto.exe
Size

343KB
MD5

8ed3ba6941919a0d9bb1cb5007476949
SHA1

95d3a559bb1842ec2b4c6f9d58ef0273f72740ff
SHA256

11e508b38307c2ee091406449b78fc1e5cae7d48ac40e4fc3339cb31a4d52754
SHA512

b1ad1f260c12f6642b54c787d05bf34456dcd7839f3b533583769b694adfe07006524511a2a09018f5c39e1fada17a373614837af2db5f3931eb7b3147e69f47
SSDEEP

3072:wCc9Km9m2n1ycrCcjtTzqP/Jf7R/9lmyAnMyYVO3zlN5xu2ZsRYHeQKkMjnXJ+Zi:Lc9picmax+JAn7Q8zlA+H+QxonXS

Score

10^/10

chaos

Malware Config

Signatures

Chaos Ransomware 1 IoCs

resource	yara_rule
sample	family_chaos

Chaos family
chaos

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Catto.exe

Files

Catto.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 291KB - Virtual size: 290KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ