General
-
Target
Purchase Order 07052021.exe
-
Size
715KB
-
Sample
210507-vlczpcb5z2
-
MD5
5c71ba785015365d371ac1f21072fa23
-
SHA1
0b7ca3cdf7cf3c3a6ccd34ac2c610b0757748697
-
SHA256
3e7063017d638a0ae77d3576ffe9fc6c2c8e48235e010b35b697eb944c79cad1
-
SHA512
f2f4b845edd797d2c4bba32a319331f55c1175dedfeb3d8d59e9d54271a150bbf3f2d4bff6fcb2deb8ee4a122141cad0368650dbb6d0fe8544d716001c8d0c8f
Malware Config
Extracted
oski
209.141.49.199
Targets
-
-
Target
Purchase Order 07052021.exe
-
Size
715KB
-
MD5
5c71ba785015365d371ac1f21072fa23
-
SHA1
0b7ca3cdf7cf3c3a6ccd34ac2c610b0757748697
-
SHA256
3e7063017d638a0ae77d3576ffe9fc6c2c8e48235e010b35b697eb944c79cad1
-
SHA512
f2f4b845edd797d2c4bba32a319331f55c1175dedfeb3d8d59e9d54271a150bbf3f2d4bff6fcb2deb8ee4a122141cad0368650dbb6d0fe8544d716001c8d0c8f
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-