unicornstealer | 9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

9634c5efbd...d7.dll

windows7-x64

9634c5efbd...d7.dll

windows10-2004-x64

1

Sharing

General

Target

9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7
Size

4.7MB
Sample

221130-w49g5adg65
MD5

737ab7aba216fc2abee9d4c3f9180a89
SHA1

b593cd2742f88d0f93023402b1f01199c7b553a8
SHA256

9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7
SHA512

250bbd2149446e5d15b67525ecbc32fcc6a52d2a2279fb1895c16f5e4c9e8be5ec8c6bb0b721c4f6188a84b82528bd60baf3e7b494b086a9696ada638a624d8d
SSDEEP

49152:p+avudqS6vdIJH5m+A2O0RPLK7HHztGsFXEezqWmT6Td/GDlEzt:IkjoLKTFXEe+7E

Score

10^/10

unicornstealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7.dll

Resource

win7-20220812-en

unicornstealer spyware stealer

windows7-x64

8 signatures

150 seconds

Behavioral task

behavioral2

Sample

9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7.dll

Resource

win10v2004-20220812-en

windows10-2004-x64

3 signatures

150 seconds

Malware Config

Targets

- Target
  
  9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7
- Size
  
  4.7MB
- MD5
  
  737ab7aba216fc2abee9d4c3f9180a89
- SHA1
  
  b593cd2742f88d0f93023402b1f01199c7b553a8
- SHA256
  
  9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7
- SHA512
  
  250bbd2149446e5d15b67525ecbc32fcc6a52d2a2279fb1895c16f5e4c9e8be5ec8c6bb0b721c4f6188a84b82528bd60baf3e7b494b086a9696ada638a624d8d
- SSDEEP
  
  49152:p+avudqS6vdIJH5m+A2O0RPLK7HHztGsFXEezqWmT6Td/GDlEzt:IkjoLKTFXEe+7E
Score

10^/10

unicornstealer spyware stealer
- UnicornStealer
  UnicornStealer is a modular infostealer written in C++.
  stealer unicornstealer
- Unicorn Stealer payload
  stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Connection Proxy

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Connection Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

unicornstealerspywarestealer

behavioral2

© 2018-2025

Terms | Privacy