General

  • Target: IMG_108_60_504_10.xls
  • Size: 386KB
  • Sample: 210414-qkrfr8lfc6
  • MD5: 04fbea5ffe3e351533bc0a4509c51505
  • SHA1: f0b7ad5184bccb1570b91ddbb192705a476f1974
  • SHA256: be88c65266ce52179410570bbca448cf49c6aff1b56845a27085af47e2d19681
  • SHA512: da271a793200ed77e0c7e86a57a91586c83828c87e0d3d455ab3aee20bb6a5a832459349dddfdd26dd93aae7ae3974a886cb756d4d15e07b49aa6d028bc252e0

Malware Config

Extracted

  • Family: oski
  • C2: novget.com

Targets

    • Target: IMG_108_60_504_10.xls

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic              Technique                       Count   ID
  Defense Evasion     Modify Registry                 1       T1112
  Credential Access   Credentials in Files            1       T1081
  Discovery           Query Registry                  2       T1012
  Discovery           System Information Discovery    2       T1082
  Collection          Data from Local System          1       T1005

Tasks