oski | bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff | Triage

Submit
Reports

Overview

overview

Static

static

bed5b9eae0...ff.exe

windows7_x64

1

bed5b9eae0...ff.exe

windows10_x64

Sharing

General

Target

bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
Size

455KB
Sample

201106-q8aselvkre
MD5

77f6eb1421150e7d442a52023db4f754
SHA1

65fed9203ae5e688527350b9517a8e57fc1c8b25
SHA256

bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
SHA512

385d4ab6c3d2ca058c026f315b80c9b0699337878fb547b3716a9db747224a3876da64124dadad207e776a96e3d30b5835e2dbd7124406a1db8757a95e8da3bd

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff.exe

Resource

win10v20201028

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

45.12.215.204

Targets

- Target
  
  bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
- Size
  
  455KB
- MD5
  
  77f6eb1421150e7d442a52023db4f754
- SHA1
  
  65fed9203ae5e688527350b9517a8e57fc1c8b25
- SHA256
  
  bed5b9eae040bc5c251d0b025761373131dc12754660e6be4aa5b1c1d302f4ff
- SHA512
  
  385d4ab6c3d2ca058c026f315b80c9b0699337878fb547b3716a9db747224a3876da64124dadad207e776a96e3d30b5835e2dbd7124406a1db8757a95e8da3bd
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy