d7a52acd99d213cdeb1f91ed193868d0.exe

General

Target: d7a52acd99d213cdeb1f91ed193868d0.exe
Size: 430KB
Sample: 201119-33bmyzzggn
Score: 10/10
MD5: d7a52acd99d213cdeb1f91ed193868d0
SHA1: 2bdc67502dc92d021ce64e92c7efcbdc6a00ad76
SHA256: b33d85386890e691d20cd76ee9f39b083f54143b597701e3a1687bcf832fb0ca
SHA512: f3f940f44b9f64eec721391e635f5a5fe9f5d1362b16ba7e46831ca39d2d3223d26211da1a72c82daf41e9e20d9f7b7356bbd6bb67c31e26558c34ee39415cb0


Signatures

  • Oski
    Description: Oski is an infostealer that targets browser data and cryptocurrency wallets.

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software installed on the system.
    TTPs: Query Registry

  • JavaScript code in executable

  • Modifies service
    TTPs: Modify Registry; Modify Existing Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactic columns shown in the report: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Privilege Escalation.