unicornstealer | 50af05d0c4f75364b311da2e741fa40c0848a72b40df10dc92b1a4d247f75b10 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

d292e7388d...09.exe

windows7-x64

7

d292e7388d...09.exe

windows10-2004-x64

7

Sharing

General

Target

50af05d0c4f75364b311da2e741fa40c0848a72b40df10dc92b1a4d247f75b10
Size

618KB
Sample

240831-1tdpxsxfjp
MD5

ac4fc7b1a92cb5d0c18447c41f9a31f3
SHA1

4e3d348320e822e2c795062e8ac6cd9e8730a4a6
SHA256

50af05d0c4f75364b311da2e741fa40c0848a72b40df10dc92b1a4d247f75b10
SHA512

953158dc78646ccc4be9c5b5ddf85de0a67e7a668638024ef7ae6ccda77ccc95427e7dcf517a215306c742e53cee2e29d3cf2a7ea7f91ba23733054e0e9d02c8
SSDEEP

12288:PGM0Nbo5/qqGqyX22/EZgXp+PcqZfStbJrYlj5iOhu+Qe6popX1Kvk8vBx:OM0NW/qXqw22/E+Z+PcN1rY3bQMpFKvF

Score

10^/10

unicornstealer discovery spyware stealer

Static task

static1

stealer unicornstealer

3 signatures

Behavioral task

behavioral1

Sample

d292e7388d4cd59fc1fc5efe2e933e453bbbe53a29503a5c6447849afd6f3c09.exe

Resource

win7-20240708-en

discovery spyware stealer

windows7-x64

7 signatures

150 seconds

Behavioral task

behavioral2

Sample

d292e7388d4cd59fc1fc5efe2e933e453bbbe53a29503a5c6447849afd6f3c09.exe

Resource

win10v2004-20240802-en

discovery spyware stealer

windows10-2004-x64

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d292e7388d4cd59fc1fc5efe2e933e453bbbe53a29503a5c6447849afd6f3c09
- Size
  
  1.2MB
- MD5
  
  4689527f10d148468069ee575d34716c
- SHA1
  
  c4e6fb7495ce9fc80ff9304d8976e4c0e02506dc
- SHA256
  
  d292e7388d4cd59fc1fc5efe2e933e453bbbe53a29503a5c6447849afd6f3c09
- SHA512
  
  492526d830cbe3c2cf399722a314f93096cc2f0cb17f0cd9be871660efba29777bca6d48e08ddbfea44705d1d557b2bdfcbd8adfcd5b9d5c444f0235ad671c15
- SSDEEP
  
  24576:yzd9Sm6s3SB4VbhzGcHb0bBhXxtyesOlU0YOTAXnA91IV7HExDaIu:yzTSmvdcwb0VhXHlrTKA91IV7HExOIu
Score

7^/10

discovery spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Uses Tor communications
  Malware can proxy its traffic through Tor for more anonymity.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Browser Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Proxy

Exfiltration

Impact

Tasks

static1

stealerunicornstealer

behavioral1

discoveryspywarestealer

behavioral2

discoveryspywarestealer

© 2018-2025

Terms | Privacy