Overview

overview

10

Static

static

10

Unicorn.ps1

windows7-x64

10

Unicorn.ps1

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    Unicorn.ps1

  • Size

    622B

  • Sample

    230818-ddcflafa52

  • MD5

    eabd28f14669e13028dfe9fde204bd3e

  • SHA1

    1d6ae7997532ca38e0ddeb556aae549350797893

  • SHA256

    37f20b339ca43d75654dbf5f9084507f125b3baad0e9c53383a8f7420672c41d

  • SHA512

    e2e6b1b558334241f1cdace68b79de8b709ea8044f459209f12a156d84d695d946d2c56185f51375e15f0717152410de5dacd7a7961284f759fa9520bb4afc66

Score
10/10

Malware Config

Extracted

Language
ps1
Source
URLs
exe.dropper

http://44.203.122.41:80/Update.dll
exe.dropper

http://44.203.122.41:80/Unicorn_Main.ps1
exe.dropper

http://44.203.122.41:80/randomx.ps1

Extracted

Language
ps1
Deobfuscated
URLs
ps1.dropper

http://44.203.122.41:80/amsi.ps1
ps1.dropper

http://44.203.122.41:80/UnicornDllRun.ps1

Targets

    • Target

      Unicorn.ps1

    • Size

      622B

    • MD5

      eabd28f14669e13028dfe9fde204bd3e

    • SHA1

      1d6ae7997532ca38e0ddeb556aae549350797893

    • SHA256

      37f20b339ca43d75654dbf5f9084507f125b3baad0e9c53383a8f7420672c41d

    • SHA512

      e2e6b1b558334241f1cdace68b79de8b709ea8044f459209f12a156d84d695d946d2c56185f51375e15f0717152410de5dacd7a7961284f759fa9520bb4afc66

    Score
    10/10

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks