General
-
Target
IMG053110579.exe
-
Size
263KB
-
Sample
210507-rfjz35a3j2
-
MD5
8ff3cd20c7ca5a373dc7b988e2668bb5
-
SHA1
a278ea762a0ade0c58ad49e9aa15075ef61e592c
-
SHA256
5f55898f4f260025ec6507f92ed128dcd90f5f83d14b507282352f4c79fb71bc
-
SHA512
38e230b2a08e4ba51f64d8d3d05adf0b4546ef7675932309983b8162653585312f92202d8ca0d3901585756061d3fdf27aa8b3355bd3f5ca6727148e81051b56
Malware Config
Extracted
oski
209.141.40.19
Targets
-
-
Target
IMG053110579.exe
-
Size
263KB
-
MD5
8ff3cd20c7ca5a373dc7b988e2668bb5
-
SHA1
a278ea762a0ade0c58ad49e9aa15075ef61e592c
-
SHA256
5f55898f4f260025ec6507f92ed128dcd90f5f83d14b507282352f4c79fb71bc
-
SHA512
38e230b2a08e4ba51f64d8d3d05adf0b4546ef7675932309983b8162653585312f92202d8ca0d3901585756061d3fdf27aa8b3355bd3f5ca6727148e81051b56
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-