PO5621.scr.exe

General
Target

PO5621.scr.exe

Size

306KB

Sample

210506-y7za9a7eh2

Score

10/10
MD5

b0926a6e4c1887f81024b17df73199c5

SHA1

3fcdd6ff8323713c8cf3e11edca6c5e195dd4139

SHA256

244cc88debf6465b93584d1f63c592c52bd029deec2f24fc4a3328725838d239

SHA512

b16dd1c26ce8c4654202a9ca779f3a2ce12a563a5b7670e06610829d2b1abd092543a524247ed7997d56f26bb1d02b5c6310eb12a5a741260ab298fb5d61f1f8

Malware Config

Extracted

Family oski
C2

203.159.80.65

Signatures

  • Oski

    Description

    Oski is an infostealer targeting browser data and crypto wallets.

  • Downloads MZ/PE file

  • Deletes itself

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    TTPs

    Data from Local System
    Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting

    TTPs

    Data from Local System
    Credentials in Files
  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

1/10