General

  • Target

    b616fd1f7f7feb981184ad846c626b91

  • Size

    1.3MB

  • Sample

    210721-p46sh4kkn6

  • MD5

    b616fd1f7f7feb981184ad846c626b91

  • SHA1

    03fff323686df503349f619be5b6081e0818980b

  • SHA256

    f2aed23ccdcd5c9b2ae03bdf764e971a5ef30d4ef9dfc37f66806a057433c23a

  • SHA512

    800853ec58b582466da0e061dd7bd8166a2a0d11604f7e5317a2a1a7b33b2eb8e377a8e646c5ab056e33bf43b9350fdcd582963305a727b290b28842d85a2f6b
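The digests above are the only identifiers of the sample this report carries, so the first thing to do with a file that claims to be this sample is to confirm it hashes to them (a password-protected archive or a re-packed copy will not). The following Python helper is an added example, not part of the report or of any sandbox tooling: it copies the four digests listed above into REPORT_IOCS, computes all four in one pass over a file, and compares them case-insensitively; the stand-in file it writes for the demo is constructed bytes, not the malware, and the function names are illustrative.

```python
"""Verify a file on disk against the digests a sandbox report lists.

Added example (not the report's own code). REPORT_IOCS copies the hashes
printed in the report above; everything else is illustrative.
"""
import hashlib
import os
import tempfile

# Digests for the sample exactly as listed in the report.
REPORT_IOCS = {
    "md5": "b616fd1f7f7feb981184ad846c626b91",
    "sha1": "03fff323686df503349f619be5b6081e0818980b",
    "sha256": "f2aed23ccdcd5c9b2ae03bdf764e971a5ef30d4ef9dfc37f66806a057433c23a",
    "sha512": "800853ec58b582466da0e061dd7bd8166a2a0d11604f7e5317a2a1a7b33b2eb8e"
              "377a8e646c5ab056e33bf43b9350fdcd582963305a727b290b28842d85a2f6b",
}

ALGOS = ("md5", "sha1", "sha256", "sha512")


def digest_file(path, chunk_size=1 << 20):
    """Compute MD5, SHA-1, SHA-256 and SHA-512 in a single pass over the file."""
    hashers = {name: hashlib.new(name) for name in ALGOS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_sample(path, expected):
    """Return {algo: True/False} for every algorithm present in `expected`.

    Comparison is case-insensitive and ignores surrounding whitespace, since
    reports and feeds disagree on hex case. Unknown algorithm names are skipped.
    """
    actual = digest_file(path)
    return {
        name: actual[name] == want.strip().lower()
        for name, want in expected.items()
        if name in actual
    }


def is_match(path, expected):
    """True only if at least one digest was checkable and all of them matched."""
    checks = verify_sample(path, expected)
    return bool(checks) and all(checks.values())


def write_constructed_sample(directory=None):
    """Write a constructed stand-in file (NOT the Oski sample) and return its path."""
    data = b"constructed stand-in bytes, not the sample from the report\n" * 64
    fd, path = tempfile.mkstemp(prefix="sample-", suffix=".bin", dir=directory)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Check the stand-in against its own digests and against the report's.

    Returns (matches_itself, matches_report); the second is False because the
    stand-in is not the file the report describes.
    """
    path = write_constructed_sample()
    try:
        own = digest_file(path)
        # Upper-case the expected values to show the comparison is case-insensitive.
        matches_itself = is_match(path, {k: v.upper() for k, v in own.items()})
        matches_report = is_match(path, REPORT_IOCS)
    finally:
        os.unlink(path)
    return matches_itself, matches_report


if __name__ == "__main__":
    print(demo())  # → (True, False)
```

To check a real candidate file, call `is_match("path/to/file", REPORT_IOCS)`; a False result with a matching SHA-256 in your feed usually means you hashed the archive rather than the extracted PE.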

Malware Config

Targets

    • Target

      b616fd1f7f7feb981184ad846c626b91

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Downloads MZ/PE file

    • Deletes itself

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of NtSetInformationThreadHideFromDebugger

      Calls NtSetInformationThread with the ThreadHideFromDebugger class, an anti-debugging technique that stops a debugger from receiving events for the thread.

MITRE ATT&CK Enterprise v6

Tasks