Overview

overview

10

Static

static

1

PO5621.scr.exe

windows7_x64

10

PO5621.scr.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO5621.scr.exe

  • Size

    306KB

  • Sample

    210506-y7za9a7eh2

  • MD5

    b0926a6e4c1887f81024b17df73199c5

  • SHA1

    3fcdd6ff8323713c8cf3e11edca6c5e195dd4139

  • SHA256

    244cc88debf6465b93584d1f63c592c52bd029deec2f24fc4a3328725838d239

  • SHA512

    b16dd1c26ce8c4654202a9ca779f3a2ce12a563a5b7670e06610829d2b1abd092543a524247ed7997d56f26bb1d02b5c6310eb12a5a741260ab298fb5d61f1f8

Score
10/10
oskidiscoveryinfostealerspywarestealer

Malware Config

Extracted

Family

oski

C2

203.159.80.65

Targets

    • Target

      PO5621.scr.exe

    • Size

      306KB

    • MD5

      b0926a6e4c1887f81024b17df73199c5

    • SHA1

      3fcdd6ff8323713c8cf3e11edca6c5e195dd4139

    • SHA256

      244cc88debf6465b93584d1f63c592c52bd029deec2f24fc4a3328725838d239

    • SHA512

      b16dd1c26ce8c4654202a9ca779f3a2ce12a563a5b7670e06610829d2b1abd092543a524247ed7997d56f26bb1d02b5c6310eb12a5a741260ab298fb5d61f1f8

    Score
    10/10
    oskidiscoveryinfostealerspywarestealer

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks