General

  • Target: DOC98374933_JULY2021.iso
  • Size: 1.2MB
  • Sample: 210722-8wvzfrw6k6
  • MD5: c6c39101ee5c94dff00cd940617d0294
  • SHA1: 871a29c9dd5d17ed15e8da5bed728bf6158fcbdf
  • SHA256: 9bafab21d172a1a4c7cc88eb44ca8292a8f96f812d7b4c71b706479f22690b7a
  • SHA512: 6de8ef8b2f06347aa92eee2c606e160d0cebe1d581ed4ce652eb69088ecbc259229fba5f09d470267de209d33f1fbc5c88196560181516808bd7c4ad1c193b93

Malware Config

Extracted

  • Family: oski
  • C2: kckark.xyz

Targets

    • Target: DOC98374933_JULY2021.exe
    • Size: 1.1MB
    • MD5: 7cdabce07469c95df2bfe4bb692757d5
    • SHA1: be7905986d224b15517c5b41d4fc30fec309bd8e
    • SHA256: 242acd2bd4415b211de8afd058570aac478e1c257d31e908a2823b8fb3788ede
    • SHA512: 15fb71bf0912a3083590c454eacb37ea1e8954d2ce63de1910073192d767ca48ffd0a7192cb095799461a97ce680751bff30f59e5815c327cd9c767322fdc060

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other profile data.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic             | Technique                     | ID    | Count
  -------------------|-------------------------------|-------|------
  Credential Access  | Credentials in Files          | T1081 | 2
  Discovery          | Query Registry                | T1012 | 2
  Discovery          | System Information Discovery  | T1082 | 2
  Collection         | Data from Local System        | T1005 | 2
