Overview

overview

10

Static

static

IMG_0501_765_013.exe

windows7_x64

10

IMG_0501_765_013.exe

windows10_x64

10

Analysis

  • max time kernel
    151s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7v20210408
  • submitted
    06-05-2021 14:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    IMG_0501_765_013.exe

  • Size

    222KB

  • MD5

    716e89179126809cc5a4b476a03dda11

  • SHA1

    29bfe1170a118c56776938fb44289884da261294

  • SHA256

    2976262aeed56001f874b183072c03360a1dbcdde67bfdcc982078d3bc246857

  • SHA512

    fbecf0cdd2bb9df647034bc16d0c6b9749406c30a10e4fa19305b592f066670af80137923c56ef2f9c12b3cc44a2eb99e1b1f9913ebc37abb775b6fd15e27e22

Score
10/10
oskiinfostealer

Malware Config

Extracted

Family

oski

C2

31.210.21.154

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 18 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 26 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
    "C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1992
    • C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
      C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
      2⤵
        PID:1616
      • C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
        C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
        2⤵
          PID:1612
        • C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
          C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
          2⤵
            PID:1648
          • C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
            C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
            2⤵
              PID:652
            • C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
              C:\Users\Admin\AppData\Local\Temp\IMG_0501_765_013.exe
              2⤵
                PID:748

            Network

            MITRE ATT&CK Matrix

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/748-65-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/748-66-0x000000000040717B-mapping.dmp

              Download

            • memory/748-67-0x0000000075B31000-0x0000000075B33000-memory.dmp

              Filesize

              8KB

              Download

            • memory/748-68-0x0000000000400000-0x0000000000438000-memory.dmp

              Filesize

              224KB

              Download

            • memory/1992-60-0x0000000000160000-0x0000000000161000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1992-62-0x00000000004F0000-0x00000000004F2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/1992-63-0x00000000005A0000-0x00000000005A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/1992-64-0x00000000005E0000-0x00000000005FF000-memory.dmp

              Filesize

              124KB

              Download