IMG052361778.exe

General

Target: IMG052361778.exe
Size: 691KB
Sample: 210506-e5wssk39n2
Score: 10/10
MD5: 74a962db45d6ab6c859ff627987bf1f6
SHA1: 893b19a862fca02a5ec9ab0cd270a4970849ecb1
SHA256: c210434fcb39927f4a0d0a844a1a883f8274bc3b9e6d3e6e883f8072f316ca6a
SHA512: 3a4e33f3f625e6c861eebb71a50bfbb693c102b896118d808317b546a7e6dbf28fe91b549b58d723dc27a207063a9822404ef8df3dd4a986e489b0851b1c999c

Malware Config

Extracted
Family: oski
C2: 193.142.59.33

Targets

Target: IMG052361778.exe (size, score and hashes identical to those listed under General above)

Signatures

  • Oski
    Description: Oski is an infostealer targeting browser data and crypto wallets.

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials and other data.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix

Columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation, Tasks