DOC98374933_JULY2021.iso

General

Target: DOC98374933_JULY2021.iso
Size: 1MB
Sample: 210722-8wvzfrw6k6
Score: 10/10
MD5: c6c39101ee5c94dff00cd940617d0294
SHA1: 871a29c9dd5d17ed15e8da5bed728bf6158fcbdf
SHA256: 9bafab21d172a1a4c7cc88eb44ca8292a8f96f812d7b4c71b706479f22690b7a
SHA512: 6de8ef8b2f06347aa92eee2c606e160d0cebe1d581ed4ce652eb69088ecbc259229fba5f09d470267de209d33f1fbc5c88196560181516808bd7c4ad1c193b93

Malware Config

Extracted

Family: oski
C2: kckark.xyz

Targets

Target: DOC98374933_JULY2021.exe
MD5: 7cdabce07469c95df2bfe4bb692757d5
Filesize: 1MB
Score: 10/10
SHA1: be7905986d224b15517c5b41d4fc30fec309bd8e
SHA256: 242acd2bd4415b211de8afd058570aac478e1c257d31e908a2823b8fb3788ede
SHA512: 15fb71bf0912a3083590c454eacb37ea1e8954d2ce63de1910073192d767ca48ffd0a7192cb095799461a97ce680751bff30f59e5815c327cd9c767322fdc060

Signatures

  • Oski
    Description: Oski is an infostealer targeting browser data and crypto wallets.

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials, etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files

  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

1/10