unicornstealer | 006030c65bef125523e1d0e71646fda933ce396a4968603dbcbc54c8850dcc15 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

493e5734e7...18.dll

windows7-x64

493e5734e7...18.dll

windows10-2004-x64

Sharing

General

Target

493e5734e71e2a6186383e5e048d91c4_JaffaCakes118
Size

5.2MB
Sample

240331-bknfbsbe94
MD5

493e5734e71e2a6186383e5e048d91c4
SHA1

27bbe09ac4a6006f2f0fdeda47024e7669922160
SHA256

006030c65bef125523e1d0e71646fda933ce396a4968603dbcbc54c8850dcc15
SHA512

3b196b08ea299eaa28add73cea3cfc82ada23ed86f0fa2113cbff62f0db1c9ff31778f205341d8b0c5ee610416881a47115c48f2ea2c9caf69f57f013bbfed28
SSDEEP

49152:qvxx0Ssk0qwtN+qEqDyqn088eKbHg9zhVTpKLymXpwK7d8Wwfv7tMpoHzQcBGEPN:qy+qE2lv8eK09zhQy6ufvRMkSEqalD

Score

10^/10

unicornstealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

493e5734e71e2a6186383e5e048d91c4_JaffaCakes118.dll

Resource

win7-20240221-en

unicornstealer spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

493e5734e71e2a6186383e5e048d91c4_JaffaCakes118.dll

Resource

win10v2004-20240226-en

unicornstealer spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  493e5734e71e2a6186383e5e048d91c4_JaffaCakes118
- Size
  
  5.2MB
- MD5
  
  493e5734e71e2a6186383e5e048d91c4
- SHA1
  
  27bbe09ac4a6006f2f0fdeda47024e7669922160
- SHA256
  
  006030c65bef125523e1d0e71646fda933ce396a4968603dbcbc54c8850dcc15
- SHA512
  
  3b196b08ea299eaa28add73cea3cfc82ada23ed86f0fa2113cbff62f0db1c9ff31778f205341d8b0c5ee610416881a47115c48f2ea2c9caf69f57f013bbfed28
- SSDEEP
  
  49152:qvxx0Ssk0qwtN+qEqDyqn088eKbHg9zhVTpKLymXpwK7d8Wwfv7tMpoHzQcBGEPN:qy+qE2lv8eK09zhQy6ufvRMkSEqalD
Score

10^/10

unicornstealer spyware stealer
- UnicornStealer
  UnicornStealer is a modular infostealer written in C++.
  stealer unicornstealer
- Unicorn Stealer payload
  stealer
- Blocklisted process makes network request
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

unicornstealerspywarestealer

behavioral2

unicornstealerspywarestealer

© 2018-2025

Terms | Privacy