oski | 0b1b4fb37a602b25644ac58316338b973f4a141ba68be320ddfa4950549007f0 | Triage

Submit
Reports

Overview

overview

Static

static

FPI_874101020075.xlsx

windows7_x64

FPI_874101020075.xlsx

windows10_x64

1

Sharing

General

Target

FPI_874101020075.xlsx
Size

8KB
Sample

210503-a519nxtn26
MD5

732c227884f8da18a5dc347b68b5b842
SHA1

c9d9f41e60c006d96b742577352d03493786316a
SHA256

0b1b4fb37a602b25644ac58316338b973f4a141ba68be320ddfa4950549007f0
SHA512

96f31a786c3ae5de0c678d645d9f61118fbafa75825e0e07ea945623ec95ecd8a3c3d6f91a2a6e981be87742ef5095bcc7707379a48826ced8a011b904e7525d

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

FPI_874101020075.xlsx

Resource

win7v20210410

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

FPI_874101020075.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

31.210.21.71

Targets

- Target
  
  FPI_874101020075.xlsx
- Size
  
  8KB
- MD5
  
  732c227884f8da18a5dc347b68b5b842
- SHA1
  
  c9d9f41e60c006d96b742577352d03493786316a
- SHA256
  
  0b1b4fb37a602b25644ac58316338b973f4a141ba68be320ddfa4950549007f0
- SHA512
  
  96f31a786c3ae5de0c678d645d9f61118fbafa75825e0e07ea945623ec95ecd8a3c3d6f91a2a6e981be87742ef5095bcc7707379a48826ced8a011b904e7525d
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy