oski | 3b9f555888df6326a6a0c7dd2c2c1c2d78bbb969c1b7d40ea0d0e9679a06bbc5 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...24.exe

windows7_x64

SecuriteIn...24.exe

windows10_x64

3

Sharing

General

Target

SecuriteInfo.com.Gen.NN.ZemsilF.34132.6q1@a4elV5i.17824
Size

929KB
Sample

200711-aeyxtc39xs
MD5

bd0cccb00c2af56c6fee9d748541b370
SHA1

295492a78e3cdc51d4f487f8ddbff07a4fbfdd5a
SHA256

3b9f555888df6326a6a0c7dd2c2c1c2d78bbb969c1b7d40ea0d0e9679a06bbc5
SHA512

5e41426988b9bb47f40ffad43cc96ede0a1e957e0fbec53959ecc81f0e7085fd83306c0544b7e5af2b43e51b9c0977724661a05f28024ae0f69d2ddbe4faa818

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Gen.NN.ZemsilF.34132.6q1@a4elV5i.17824.exe

Resource

win7v200430

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Gen.NN.ZemsilF.34132.6q1@a4elV5i.17824.exe

Resource

win10

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

162.0.224.159

Targets

- Target
  
  SecuriteInfo.com.Gen.NN.ZemsilF.34132.6q1@a4elV5i.17824
- Size
  
  929KB
- MD5
  
  bd0cccb00c2af56c6fee9d748541b370
- SHA1
  
  295492a78e3cdc51d4f487f8ddbff07a4fbfdd5a
- SHA256
  
  3b9f555888df6326a6a0c7dd2c2c1c2d78bbb969c1b7d40ea0d0e9679a06bbc5
- SHA512
  
  5e41426988b9bb47f40ffad43cc96ede0a1e957e0fbec53959ecc81f0e7085fd83306c0544b7e5af2b43e51b9c0977724661a05f28024ae0f69d2ddbe4faa818
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy