blackmoon | 880431fdcfbd3c4d21c4fe4bf587a1c4_JaffaCakes118 | Triage

Sharing

General

Target

880431fdcfbd3c4d21c4fe4bf587a1c4_JaffaCakes118
Size

20.3MB
MD5

880431fdcfbd3c4d21c4fe4bf587a1c4
SHA1

7092d3620865f7579bb8f75634954580d3143ac3
SHA256

93b4613338ddfeacd867118553ab0c3cf2e5e6976e5fc070a04a70ff07e82a2a
SHA512

c71b38f5aa462e4cb7c6abe8a4d015d60eb058cf27bd1f934bd4bb90a87db38ede62072297590939f20e9d58886a2904d6e6b610b1f929477b6e63034936b253
SSDEEP

196608:Xghvuh9+xu+NZPzmGP8wa9+6Y7SOEibgRPghvuh9+xu+NZPzmGP8G7PV:yvuh9+xu+SG5FgRavuh9+xu+SGHh

Score

10^/10

miner blackmoon xmrig

Malware Config

Signatures

Blackmoon family
blackmoon

Detect Blackmoon payload 1 IoCs

resource	yara_rule
sample	family_blackmoon

XMRig Miner payload 1 IoCs

resource	yara_rule
sample	xmrig

Xmrig family
xmrig

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
880431fdcfbd3c4d21c4fe4bf587a1c4_JaffaCakes118

Files

880431fdcfbd3c4d21c4fe4bf587a1c4_JaffaCakes118
.exe windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 4KB - Virtual size: 539B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ