General
-
Target
791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
-
Size
684KB
-
Sample
210406-x7zlhjzs7j
-
MD5
b53c91938416807d1ee5a408c5b2a636
-
SHA1
2bd54114bccd24abf158ee1b5ae1e77a238f4bc1
-
SHA256
791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
-
SHA512
855ffa525e36e9406d8c4ee9c148effe994c1e513ea498757ef91918d93c2c9a33ffdce457b31754c8cf65577caa012320ccd450bdc82cac6963b0dbed110dac
Malware Config
Extracted
oski
http://45.85.90.220
Targets
-
-
Target
791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
-
Size
684KB
-
MD5
b53c91938416807d1ee5a408c5b2a636
-
SHA1
2bd54114bccd24abf158ee1b5ae1e77a238f4bc1
-
SHA256
791d39e806357e832c5aa1043ebdfe95c90ffe41f20376ad5ea955b049c5dac7
-
SHA512
855ffa525e36e9406d8c4ee9c148effe994c1e513ea498757ef91918d93c2c9a33ffdce457b31754c8cf65577caa012320ccd450bdc82cac6963b0dbed110dac
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-