blackmoon | a47996b933d4eb376b9d362be409bd3e_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

a47996b933d4eb376b9d362be409bd3e_JaffaCakes118
Size

14.3MB
MD5

a47996b933d4eb376b9d362be409bd3e
SHA1

4753f8101fb6d146de357c1f60661f0551316e96
SHA256

b7d0527b215ee9a771d278b1ddce8e373443c52390317fc12b4eef23fe4250ca
SHA512

38f7b72b30dea226e0af76ed448c85934fe2fa8d4e4cb4a9bfbc6a8505daaeada4cfdd32550f6ba13fcc1e65580d5da16b8624dbcc2ac3854e3bbb014cf2790f
SSDEEP

196608:XghvuhoGBfW5ZPzmGP8Va9+6Y7SOEibgRPghvuhoGBfW5ZPzmGP8EsV:yvuhRWmGAFgRavuhRWmGi

Score

10^/10

miner blackmoon xmrig

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a47996b933d4eb376b9d362be409bd3e_JaffaCakes118

Files

a47996b933d4eb376b9d362be409bd3e_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 539B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ