FLP_1037850047.exe

General
Target: FLP_1037850047.exe
Size: 379KB
Sample: 210506-5pldk28nha
Score: 10/10
MD5: d32bc982566fbb8d81d3012779d3c320
SHA1: 74e5c60af59a50757abc29942c888fa43e854204
SHA256: a59fbc4f9903ed18c989e87bc83073b463310ffe6c90a43c53400739719d0aae
SHA512: de6afafb1412a652405072ba6f123383baa55e9287bbbef8a2e9c25edbfdebb6bf9e8aa1834caf386384096ce7eaa3c9dc03b7831f134ad8ccc4c98f066db699

Malware Config (extracted)
Family: oski
C2: duiy.xyz

Signatures

  • Oski
    Description: Oski is an infostealer targeting browser data and cryptocurrency wallets.

  • Deletes itself

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns only; no technique cells were recovered from the page): Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation