unicornstealer | 9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

737ab7aba2...18.dll

windows7-x64

737ab7aba2...18.dll

windows10-2004-x64

Sharing

General

Target

737ab7aba216fc2abee9d4c3f9180a89_JaffaCakes118
Size

4.7MB
Sample

240726-lgl37sshkd
MD5

737ab7aba216fc2abee9d4c3f9180a89
SHA1

b593cd2742f88d0f93023402b1f01199c7b553a8
SHA256

9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7
SHA512

250bbd2149446e5d15b67525ecbc32fcc6a52d2a2279fb1895c16f5e4c9e8be5ec8c6bb0b721c4f6188a84b82528bd60baf3e7b494b086a9696ada638a624d8d
SSDEEP

49152:p+avudqS6vdIJH5m+A2O0RPLK7HHztGsFXEezqWmT6Td/GDlEzt:IkjoLKTFXEe+7E

Score

10^/10

unicornstealer discovery spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

737ab7aba216fc2abee9d4c3f9180a89_JaffaCakes118.dll

Resource

win7-20240708-en

unicornstealer discovery spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

737ab7aba216fc2abee9d4c3f9180a89_JaffaCakes118.dll

Resource

win10v2004-20240709-en

unicornstealer discovery spyware stealer

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  737ab7aba216fc2abee9d4c3f9180a89_JaffaCakes118
- Size
  
  4.7MB
- MD5
  
  737ab7aba216fc2abee9d4c3f9180a89
- SHA1
  
  b593cd2742f88d0f93023402b1f01199c7b553a8
- SHA256
  
  9634c5efbda486f33066bddeec1d80ee2ce1f89c5e8ce55189da3c90986059d7
- SHA512
  
  250bbd2149446e5d15b67525ecbc32fcc6a52d2a2279fb1895c16f5e4c9e8be5ec8c6bb0b721c4f6188a84b82528bd60baf3e7b494b086a9696ada638a624d8d
- SSDEEP
  
  49152:p+avudqS6vdIJH5m+A2O0RPLK7HHztGsFXEezqWmT6Td/GDlEzt:IkjoLKTFXEe+7E
Score

10^/10

unicornstealer discovery spyware stealer
- UnicornStealer
  UnicornStealer is a modular infostealer written in C++.
  stealer unicornstealer
- Unicorn Stealer payload
  stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

behavioral1

unicornstealerdiscoveryspywarestealer

behavioral2

unicornstealerdiscoveryspywarestealer

© 2018-2025

Terms | Privacy