oski | c0ff93ef4930a7dc2d95a6ee490fecdddcbe946e479b1d4fdb47285245b28675 | Triage

Submit
Reports

Overview

overview

Static

static

1

BillOfLading.exe

windows7_x64

BillOfLading.exe

windows10_x64

Sharing

General

Target

BillOfLading.exe
Size

260KB
Sample

210331-szjcmflb1n
MD5

a27e08ddf60d5403c02a482a8c3885ac
SHA1

8d98313ff780d8d8c2d779ce5022cc03d72f606b
SHA256

c0ff93ef4930a7dc2d95a6ee490fecdddcbe946e479b1d4fdb47285245b28675
SHA512

d1d30f1599bfc58a26d25eb641ccc152924fb0cbce253c7c599b5183d3dcf7fb31d80fa75277221895e7526bdbe4ec7c080267340a0649001e6bd28614f31f36

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

BillOfLading.exe

Resource

win7v20201028

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

BillOfLading.exe

Resource

win10v20201028

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

http://45.85.90.220

Targets

- Target
  
  BillOfLading.exe
- Size
  
  260KB
- MD5
  
  a27e08ddf60d5403c02a482a8c3885ac
- SHA1
  
  8d98313ff780d8d8c2d779ce5022cc03d72f606b
- SHA256
  
  c0ff93ef4930a7dc2d95a6ee490fecdddcbe946e479b1d4fdb47285245b28675
- SHA512
  
  d1d30f1599bfc58a26d25eb641ccc152924fb0cbce253c7c599b5183d3dcf7fb31d80fa75277221895e7526bdbe4ec7c080267340a0649001e6bd28614f31f36
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy