General

  • Target

    Drawing for Our New Order.ppt

  • Size

    61KB

  • Sample

    210714-dkl7lx7wj2

  • MD5

    79493748bb0077dcef55330b23a575f8

  • SHA1

    03b6a4e65c92aafd4b1ca0b1c136480b05a3f4be

  • SHA256

    38d2d19379a2972893b4e72762478cfb3323f1c6d56b50787e25ff4eb96a2f05

  • SHA512

    7126d9fdb489eb259001917d2f6e4999789e6db9d61a752f65fe1652d97f04db0ff8f1652d8f865cbb86199fa16e7b34c83e8b3daadb1fd631716160c50ee540

Malware Config

Extracted

  • Family

    oski

  • C2

    103.153.76.164/we/div/

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Process spawned unexpected child process

      This typically indicates the parent process was compromised via an exploit or macro.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

  Tactic                Technique                      Count  ID
  Execution             Scheduled Task                 1      T1053
  Persistence           Scheduled Task                 1      T1053
  Privilege Escalation  Scheduled Task                 1      T1053
  Defense Evasion       Modify Registry                2      T1112
  Defense Evasion       Install Root Certificate       1      T1130
  Credential Access     Credentials in Files           1      T1081
  Discovery             System Information Discovery   3      T1082
  Discovery             Query Registry                 2      T1012
  Collection            Data from Local System         1      T1005

Tasks