oski | b5b4f2430ee5b5348b55a2d1be3e1bf5f88094e67409bbb88d6e677da91c8482 | Triage

Submit
Reports

Overview

overview

Static

static

1

booking.exe

windows7_x64

booking.exe

windows10_x64

Sharing

General

Target

booking.exe
Size

258KB
Sample

210511-yj6kwvc8j6
MD5

3ea68451bc134bea97313a13587b7841
SHA1

f75536e5d9e174aa2d2e75521c134c03a720b93b
SHA256

b5b4f2430ee5b5348b55a2d1be3e1bf5f88094e67409bbb88d6e677da91c8482
SHA512

e0f3afd0a7daffdb23650ce2731a107db0b6d303fd2cce82d9ecfee0a9cf41f3c000d215cc6160b1fcaeb1c722c207c92ec2190e13a6f34b9c8226852295ac80

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

booking.exe

Resource

win7v20210408

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

booking.exe

Resource

win10v20210410

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

45.144.225.52

Targets

- Target
  
  booking.exe
- Size
  
  258KB
- MD5
  
  3ea68451bc134bea97313a13587b7841
- SHA1
  
  f75536e5d9e174aa2d2e75521c134c03a720b93b
- SHA256
  
  b5b4f2430ee5b5348b55a2d1be3e1bf5f88094e67409bbb88d6e677da91c8482
- SHA512
  
  e0f3afd0a7daffdb23650ce2731a107db0b6d303fd2cce82d9ecfee0a9cf41f3c000d215cc6160b1fcaeb1c722c207c92ec2190e13a6f34b9c8226852295ac80
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy