oski | 808910839d0446439d58dbff8bf7d36db24892fb0ebd018a9dcafc24ddd9d34c | Triage

Submit
Reports

Overview

overview

Static

static

Pvcjjru.exe

windows7_x64

Pvcjjru.exe

windows10_x64

Sharing

General

Target

Pvcjjru.exe
Size

266KB
Sample

210419-9cgrhs76qj
MD5

6581f25476a8e4009877ba7498489ef6
SHA1

dbacf300333c598ebd34e57228efc569cadee154
SHA256

808910839d0446439d58dbff8bf7d36db24892fb0ebd018a9dcafc24ddd9d34c
SHA512

11cbd153b5d1e53f8c758b616889fd6e2ce5f0e4533daa6c7fd04e41ae740a194378b12c3768ca62b5eb01d2a55f34fb99f28a42b8a7e9380d7b277b4b039add

Score

10^/10

oski discovery infostealer persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Pvcjjru.exe

Resource

win7v20210410

oski discovery infostealer persistence spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Pvcjjru.exe

Resource

win10v20210408

oski discovery infostealer persistence spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

novget.com

Targets

- Target
  
  Pvcjjru.exe
- Size
  
  266KB
- MD5
  
  6581f25476a8e4009877ba7498489ef6
- SHA1
  
  dbacf300333c598ebd34e57228efc569cadee154
- SHA256
  
  808910839d0446439d58dbff8bf7d36db24892fb0ebd018a9dcafc24ddd9d34c
- SHA512
  
  11cbd153b5d1e53f8c758b616889fd6e2ce5f0e4533daa6c7fd04e41ae740a194378b12c3768ca62b5eb01d2a55f34fb99f28a42b8a7e9380d7b277b4b039add
Score

10^/10

oski discovery infostealer persistence spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Adds Run key to start application
  persistence
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerpersistencespywarestealer

behavioral2

oskidiscoveryinfostealerpersistencespywarestealer

© 2018-2024

Terms | Privacy