oski | b0696a88c5c0c9d0a06f9b0316c854a3784d79ad0ca5bb4cb055ded62285a286 | Triage

Submit
Reports

Overview

overview

Static

static

DTI_621-746-012.xlsx

windows7_x64

DTI_621-746-012.xlsx

windows10_x64

1

Sharing

General

Target

DTI_621-746-012.xlsx
Size

8KB
Sample

210503-4cw955936j
MD5

6381ca8d8726bacc65c588535dbb8398
SHA1

238c8b5f9e4db7a99401b928857473844fd63f6c
SHA256

b0696a88c5c0c9d0a06f9b0316c854a3784d79ad0ca5bb4cb055ded62285a286
SHA512

df7ec8f35106d49a552c7c9d0dc47101d1bcf518718308fcd92ceca6b1ba71ef6092b80d182022844c65294e444f0c73c7667172a9d208df4d2afabbfa0aab7c

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

DTI_621-746-012.xlsx

Resource

win7v20210408

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DTI_621-746-012.xlsx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

31.210.20.238

Targets

- Target
  
  DTI_621-746-012.xlsx
- Size
  
  8KB
- MD5
  
  6381ca8d8726bacc65c588535dbb8398
- SHA1
  
  238c8b5f9e4db7a99401b928857473844fd63f6c
- SHA256
  
  b0696a88c5c0c9d0a06f9b0316c854a3784d79ad0ca5bb4cb055ded62285a286
- SHA512
  
  df7ec8f35106d49a552c7c9d0dc47101d1bcf518718308fcd92ceca6b1ba71ef6092b80d182022844c65294e444f0c73c7667172a9d208df4d2afabbfa0aab7c
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy