oski | f98f307a6a414fcbe42e1017d720f1ed8c9e0df21b703f74e94dbe1afa8b32ff | Triage

Submit
Reports

Overview

overview

Static

static

PLI5130745618.exe

windows7_x64

PLI5130745618.exe

windows10_x64

Sharing

General

Target

PLI5130745618.exe
Size

226KB
Sample

210503-4ffypaqabx
MD5

9b807ec7d5c9fa755cd95453f9a7c0d0
SHA1

9bb35f35f97839e4c995ab39246a5caac983c928
SHA256

f98f307a6a414fcbe42e1017d720f1ed8c9e0df21b703f74e94dbe1afa8b32ff
SHA512

cdead31dc1be9a60e3fe616b4dbf47bd646b0ea89ea2f676590222d8a4917d46af310d63844c1374faf76be032ff84ac5d3d25f9b4949e11b226a38e12d71e46

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

PLI5130745618.exe

Resource

win7v20210410

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PLI5130745618.exe

Resource

win10v20210408

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

31.210.21.231

Targets

- Target
  
  PLI5130745618.exe
- Size
  
  226KB
- MD5
  
  9b807ec7d5c9fa755cd95453f9a7c0d0
- SHA1
  
  9bb35f35f97839e4c995ab39246a5caac983c928
- SHA256
  
  f98f307a6a414fcbe42e1017d720f1ed8c9e0df21b703f74e94dbe1afa8b32ff
- SHA512
  
  cdead31dc1be9a60e3fe616b4dbf47bd646b0ea89ea2f676590222d8a4917d46af310d63844c1374faf76be032ff84ac5d3d25f9b4949e11b226a38e12d71e46
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy