oski | 6bbdcec0763847706f9b75674aad231ff23afd2b212138fc630a86f69f8180d8 | Triage

Submit
Reports

Overview

overview

Static

static

SecuriteIn...32.exe

windows7_x64

SecuriteIn...32.exe

windows10_x64

Sharing

General

Target

SecuriteInfo.com.Trojan.GenericKD.46212578.16723.14032
Size

765KB
Sample

210503-2gbfzl2sgx
MD5

090148a4d527120eaaa7d5d2f0aa5bf1
SHA1

a5c6148505c3707580947351e9d07062979bb05d
SHA256

6bbdcec0763847706f9b75674aad231ff23afd2b212138fc630a86f69f8180d8
SHA512

48b9c690c51920e0119899f509d627e82866b004f456481a22e25a86d507568535e0bb858241ed8b376bc29221a233d3335cc951f694f2303423d2385aa23399

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

SecuriteInfo.com.Trojan.GenericKD.46212578.16723.14032.exe

Resource

win7v20210410

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

SecuriteInfo.com.Trojan.GenericKD.46212578.16723.14032.exe

Resource

win10v20210410

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

205.185.120.57

Targets

- Target
  
  SecuriteInfo.com.Trojan.GenericKD.46212578.16723.14032
- Size
  
  765KB
- MD5
  
  090148a4d527120eaaa7d5d2f0aa5bf1
- SHA1
  
  a5c6148505c3707580947351e9d07062979bb05d
- SHA256
  
  6bbdcec0763847706f9b75674aad231ff23afd2b212138fc630a86f69f8180d8
- SHA512
  
  48b9c690c51920e0119899f509d627e82866b004f456481a22e25a86d507568535e0bb858241ed8b376bc29221a233d3335cc951f694f2303423d2385aa23399
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy