oski | b8d46a1452a5f4213e638804255528e6ee5d661e525a6b86984ddac3466fbb9a | Triage

Submit
Reports

Overview

overview

Static

static

1

Shipment D...ed.exe

windows7_x64

Shipment D...ed.exe

windows10_x64

Sharing

General

Target

Shipment Document BL,INV And Packing List Attached.ace
Size

324KB
Sample

210419-ycj8wsy1l6
MD5

33ec2e09eab558dde77756c2829da20d
SHA1

3addac02620740766209bdcd9d150ef0441095ce
SHA256

b8d46a1452a5f4213e638804255528e6ee5d661e525a6b86984ddac3466fbb9a
SHA512

2ffb21776bf1ac66cac7e7dce13a1713f9ad6693be48fd28ca8188da92c176bcd5bddf9dab7581b5c14cd88d88cd1bb2b0f9eeea9d81d2ccc0a4666b372c9ab5

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Shipment Document BL,INV And Packing List Attached.exe

Resource

win7v20210410

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipment Document BL,INV And Packing List Attached.exe

Resource

win10v20210408

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

31.210.20.228

Targets

- Target
  
  Shipment Document BL,INV And Packing List Attached.exe
- Size
  
  407KB
- MD5
  
  09a5ea79ee56b843410569991ddc9832
- SHA1
  
  7dfa7e28dde9faac7789386835b908c364de6e5d
- SHA256
  
  658043783849531e40717a2dbfb8ccecdfb2352edc9e386f700884e1feb37fa9
- SHA512
  
  0afb3d5cd7a8c6ac533dd6fc5afe3e2cfd59a5722a01c4654b210e857129b77cee46b100a0a7e2eca57507658aa7f16cb63e943073236f7fe7bd310207910bf9
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy