unicornstealer | 29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

29c062ee6d...0b.dll

windows7_x64

29c062ee6d...0b.dll

windows10-2004_x64

1

Sharing

General

Target

29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b
Size

3.3MB
Sample

220502-ahdmnsbhaq
MD5

f2b1412c63ab313adbef1d480583ea37
SHA1

d02b5032d725c104b3eafb476dad23f9958755ae
SHA256

29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b
SHA512

2daf692dbbaa6d60a439c86a95e65f2e47d7df2f57a71ccddf0728bd7d481915550996e3f68dffdeaa0ee813206b5b1ef76febcd47f26ad0fde77162c3859df3

Score

10^/10

unicornstealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b.dll

Resource

win7-20220414-en

unicornstealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b.dll

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b
- Size
  
  3.3MB
- MD5
  
  f2b1412c63ab313adbef1d480583ea37
- SHA1
  
  d02b5032d725c104b3eafb476dad23f9958755ae
- SHA256
  
  29c062ee6df61733f00c39c3290c58a33c1eea61b5fbf2a8560b57b5b689440b
- SHA512
  
  2daf692dbbaa6d60a439c86a95e65f2e47d7df2f57a71ccddf0728bd7d481915550996e3f68dffdeaa0ee813206b5b1ef76febcd47f26ad0fde77162c3859df3
Score

10^/10

unicornstealer spyware stealer
- UnicornStealer
  UnicornStealer is a modular infostealer written in C++.
  stealer unicornstealer
- Unicorn Stealer Payload
  stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

unicornstealerspywarestealer

behavioral2

© 2018-2025

Terms | Privacy