oski | a9e2cff74c2afe7a6d87d7cb25bc41f044f8b492541729fb1503408b7ede6fa2 | Triage

Submit
Reports

Overview

overview

Static

static

purchase o...nt.exe

windows7_x64

purchase o...nt.exe

windows10_x64

Sharing

General

Target

purchase order acknowledgement.exe
Size

828KB
Sample

210503-h1arehsjtn
MD5

2756cff6b7da163940d5157bf9df7ece
SHA1

6665087ac729b5c9dc9dc9e920513b07794fbce6
SHA256

a9e2cff74c2afe7a6d87d7cb25bc41f044f8b492541729fb1503408b7ede6fa2
SHA512

3bc6544a70797079b85f06489fb213ad820612e1d25f069384a09b5e8e63107f30ef9fbe5da70c10e2d91767f746425a002552fd2d41b11095982241537914a3

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

purchase order acknowledgement.exe

Resource

win7v20210408

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

purchase order acknowledgement.exe

Resource

win10v20210408

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

31.210.21.181

Targets

- Target
  
  purchase order acknowledgement.exe
- Size
  
  828KB
- MD5
  
  2756cff6b7da163940d5157bf9df7ece
- SHA1
  
  6665087ac729b5c9dc9dc9e920513b07794fbce6
- SHA256
  
  a9e2cff74c2afe7a6d87d7cb25bc41f044f8b492541729fb1503408b7ede6fa2
- SHA512
  
  3bc6544a70797079b85f06489fb213ad820612e1d25f069384a09b5e8e63107f30ef9fbe5da70c10e2d91767f746425a002552fd2d41b11095982241537914a3
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy