oski | 5bd1784bd0379cb65a32f1c71989082c6b9168c150e18ba21b351b2320f667da | Triage

Submit
Reports

Overview

overview

Static

static

8

DSV INV 10...21.ppt

windows7_x64

DSV INV 10...21.ppt

windows10_x64

Sharing

General

Target

DSV INV 103823 14072021.ppt
Size

58KB
Sample

210714-2qya4dzzqj
MD5

4c5105952fcc267dc7b8bf5a2220fb51
SHA1

9f43f9de80672d5d228d254394360ae362d9a673
SHA256

5bd1784bd0379cb65a32f1c71989082c6b9168c150e18ba21b351b2320f667da
SHA512

88f09a875c5e6164fec848a535b2601262e90f4c110ebf34acbdbc31bccc6684c1d2f98359347c325354197a252d02b644da4e20e7d68365a52cca736590a540

Score

10^/10

oski infostealer macro spyware xlm

Static task

static1

Behavioral task

behavioral1

Sample

DSV INV 103823 14072021.ppt

Resource

win7v20210410

oski infostealer spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DSV INV 103823 14072021.ppt

Resource

win10v20210408

oski infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

103.153.76.164/we/mark/

Targets

- Target
  
  DSV INV 103823 14072021.ppt
- Size
  
  58KB
- MD5
  
  4c5105952fcc267dc7b8bf5a2220fb51
- SHA1
  
  9f43f9de80672d5d228d254394360ae362d9a673
- SHA256
  
  5bd1784bd0379cb65a32f1c71989082c6b9168c150e18ba21b351b2320f667da
- SHA512
  
  88f09a875c5e6164fec848a535b2601262e90f4c110ebf34acbdbc31bccc6684c1d2f98359347c325354197a252d02b644da4e20e7d68365a52cca736590a540
Score

10^/10

oski infostealer spyware
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Process spawned unexpected child process
  This typically indicates the parent process was compromised via an exploit or macro.
- Blocklisted process makes network request
- Downloads MZ/PE file
- Loads dropped DLL
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Install Root Certificate

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskiinfostealerspyware

behavioral2

oskiinfostealerspyware

© 2018-2024

Terms | Privacy