General

  • Target

    honzeEopnaC.zip

  • Size

    8.4MB

  • Sample

    240616-qgs9qsvbjh

  • MD5

    02b3c40ed4b99ea995522a918e00ed12

  • SHA1

    e90f6c5fa0c1a18072021fa332ce18438b382f9d

  • SHA256

    1e97991128cf9cc7643f8175ea8269e393211ef477ace9cc78be5e9acce05e4f

  • SHA512

    501c4ee6e59635cdfe1452fa682aa55fb72b5625f95995e73cafe958c0940efd8fe5316775b50eed1001a570a07c6eafdcd17f288eec7d1570509a74078a612c

  • SSDEEP

    196608:NpbUfGHEAGCKtonpy+9zUwKRew8nxK3yrjstiA23wlt5mV:NWuHEAcoIiQynxWyrw4wH58

Malware Config

Targets

    • Target

      Unic/Unicore.exe

    • Size

      250.0MB

    • MD5

      daedd0adf5c3350ae5a16312887c0d72

    • SHA1

      2ed4ec4419988106f6ed577e0df423bdb902eb11

    • SHA256

      998ae90e88e1810bccb2378e6f023348d407829d09a5b21110dfdaddd3d6ead6

    • SHA512

      e3c69d322497993531182e0baf2f23537edc4d5cbc23ce5e8e8a77d5f76bf82995568bb37f00258b42f902ec52c675b0b5fb2c8098f4c92aee67224935e94503

    • SSDEEP

      24576:cgkBhqECQiwDnaBCAhA3mmLBJ3OBqaPzrcw8oVfwlas:cgujMu1WN8w8oVfD

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Target

      Unic/web

    • Size

      18.7MB

    • MD5

      88fd7dbf04bcf75123d02009aea3f7f7

    • SHA1

      cecf16bdad71e54afc941179ea2b7438a04efa1d

    • SHA256

      01481b9a862936fbc090bda4033f22d7ffa5a7bfe5dc32f47c7794332b34eec4

    • SHA512

      2c6298b5adf91b51f0042d48e0846f5b196d52a588fd4fc577bf19ec26ad8e547382279a15f8bf131b08b0d7c140534aff25f82d5e8998818b812e72c9493917

    • SSDEEP

      393216:hqA/D2IIyzg8DolBo6i0KoI6Di42sC1/syU3DXNs6hq8:hqcaZyV0fC1JOpjhq8

    Score
    1/10

MITRE ATT&CK Matrix (ATT&CK v13)

  • Defense Evasion

    Modify Registry (T1112): 1

  • Credential Access

    Unsecured Credentials (T1552): 2
    Credentials In Files (T1552.001): 2

  • Discovery

    Query Registry (T1012): 2
    System Information Discovery (T1082): 2
    Process Discovery (T1057): 1

  • Collection

    Data from Local System (T1005): 2