oski | 170d07557b53788f7718957661880e48e7e8aa711d417ef722ef1da67beb9e58 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...87.exe

windows7_x64

1

SecuriteIn...87.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787
Size

706KB
Sample

201111-w7363fdb9s
MD5

9c4dae36c101af2a1bf1b1de16ee5868
SHA1

bcfc8812e4e9457366c8930309875aae3c1c7a73
SHA256

170d07557b53788f7718957661880e48e7e8aa711d417ef722ef1da67beb9e58
SHA512

c2b03abf2ebcc8d7a3b6815594b7bcbf46adb5843c3dc7a96753df616343b3c8fcbe156ccc892e061d4ea86c95199a58c27490e53b5eaff26fc606f77f8c5bca

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

Resource

win7v20201028

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787.exe

Resource

win10v20201028

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

morasergiov.ac.ug

Targets

- Target
  
  SecuriteInfo.com.Trojan.MulDrop15.60031.26028.787
- Size
  
  706KB
- MD5
  
  9c4dae36c101af2a1bf1b1de16ee5868
- SHA1
  
  bcfc8812e4e9457366c8930309875aae3c1c7a73
- SHA256
  
  170d07557b53788f7718957661880e48e7e8aa711d417ef722ef1da67beb9e58
- SHA512
  
  c2b03abf2ebcc8d7a3b6815594b7bcbf46adb5843c3dc7a96753df616343b3c8fcbe156ccc892e061d4ea86c95199a58c27490e53b5eaff26fc606f77f8c5bca
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy