unicornstealer | 2ea9c58182188372eaef8e142bbebb1016cadb552bd2ac9307da940a97b21e1b | Triage

Sharing

General

Target

c3a7fb5e0fb80c3baf74c3dcdad6f45b
Size

1.2MB
Sample

240312-scyprsdf54
MD5

c3a7fb5e0fb80c3baf74c3dcdad6f45b
SHA1

73c0551396292b065851d44b59541b23affab955
SHA256

2ea9c58182188372eaef8e142bbebb1016cadb552bd2ac9307da940a97b21e1b
SHA512

403ec879be6f4dcc5a71ca7c223c4c7492a2ac983fec3175a8e042ad63705c9ccd2de7d29a5129b1169feedd7cb97815fa99ab9e53f805f798fb39830e65cf9e
SSDEEP

24576:yzd9Sm6s3SB4VbhzGcHb0bBhXxtyesOlU0YOTAXnA91IV7HExDaI/:yzTSmvdcwb0VhXHlrTKA91IV7HExOI/

Score

10^/10

unicornstealer spyware stealer

Malware Config

Targets

- Target
  
  c3a7fb5e0fb80c3baf74c3dcdad6f45b
- Size
  
  1.2MB
- MD5
  
  c3a7fb5e0fb80c3baf74c3dcdad6f45b
- SHA1
  
  73c0551396292b065851d44b59541b23affab955
- SHA256
  
  2ea9c58182188372eaef8e142bbebb1016cadb552bd2ac9307da940a97b21e1b
- SHA512
  
  403ec879be6f4dcc5a71ca7c223c4c7492a2ac983fec3175a8e042ad63705c9ccd2de7d29a5129b1169feedd7cb97815fa99ab9e53f805f798fb39830e65cf9e
- SSDEEP
  
  24576:yzd9Sm6s3SB4VbhzGcHb0bBhXxtyesOlU0YOTAXnA91IV7HExDaI/:yzTSmvdcwb0VhXHlrTKA91IV7HExOI/
Score

7^/10

spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

stealerunicornstealer

behavioral1

behavioral2