oski | 04739bba7ef80f72f47dd22eb66b9fddb6f48b5c3744b1f9cc6018615aa11bd6 | Triage

Submit
Reports

Overview

overview

Static

static

Zguzieszn.exe

windows7_x64

Zguzieszn.exe

windows10_x64

Sharing

General

Target

Zguzieszn.exe
Size

258KB
Sample

210507-ydga8y8ess
MD5

24e9df3d16780b449b0ec80f25c263b7
SHA1

b410b497a791b962e8b9e11b605c291492e542b6
SHA256

04739bba7ef80f72f47dd22eb66b9fddb6f48b5c3744b1f9cc6018615aa11bd6
SHA512

4a790485ce2f2e2a92892afc948448162fc08e6e5d352281bd3dbfa12cee44635a838f312197e9be27b12550081ed34b21a839cb805efde0c7365102aad03cd2

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Zguzieszn.exe

Resource

win7v20210410

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Zguzieszn.exe

Resource

win10v20210408

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

198.98.49.140

Targets

- Target
  
  Zguzieszn.exe
- Size
  
  258KB
- MD5
  
  24e9df3d16780b449b0ec80f25c263b7
- SHA1
  
  b410b497a791b962e8b9e11b605c291492e542b6
- SHA256
  
  04739bba7ef80f72f47dd22eb66b9fddb6f48b5c3744b1f9cc6018615aa11bd6
- SHA512
  
  4a790485ce2f2e2a92892afc948448162fc08e6e5d352281bd3dbfa12cee44635a838f312197e9be27b12550081ed34b21a839cb805efde0c7365102aad03cd2
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy