oski | 32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81 | Triage

Submit
Reports

Overview

overview

Static

static

8

PO-20892.ppt

windows7_x64

PO-20892.ppt

windows10_x64

Sharing

General

Target

PO-20892.ppt
Size

58KB
Sample

210713-jf2yyts3vs
MD5

d728d510f2b3020f9f5966787d11097d
SHA1

fad2d76eacde97742c9147a0b9ce02b1d672b4a5
SHA256

32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81
SHA512

47b790535f92a579c364c5948c0fa57db42fa74ff82b7eed5d11a04411bbc014671ba5561ef00b94eb0c0d29d190575d0b067ddc073c99e5ba2d29c94d221773

Score

10^/10

oski infostealer macro spyware xlm

Static task

static1

Behavioral task

behavioral1

Sample

PO-20892.ppt

Resource

win7v20210410

oski infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PO-20892.ppt

Resource

win10v20210408

oski infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

103.153.76.164/we/qw/

Targets

- Target
  
  PO-20892.ppt
- Size
  
  58KB
- MD5
  
  d728d510f2b3020f9f5966787d11097d
- SHA1
  
  fad2d76eacde97742c9147a0b9ce02b1d672b4a5
- SHA256
  
  32397c143bd1d84c30ddda892b0f2e13f97ab22bfbc266738ffa7f369c97ea81
- SHA512
  
  47b790535f92a579c364c5948c0fa57db42fa74ff82b7eed5d11a04411bbc014671ba5561ef00b94eb0c0d29d190575d0b067ddc073c99e5ba2d29c94d221773
Score

10^/10

oski infostealer spyware
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskiinfostealerspyware

behavioral2

oskiinfostealerspyware

© 2018-2024

Terms | Privacy