General

  • Target

    ad81745667752ef8094ef646ed870d3d.exe

  • Size

    200KB

  • Sample

    210725-3xcpsqvyax

  • MD5

    ad81745667752ef8094ef646ed870d3d

  • SHA1

    50762370e5fb4948ccbb9e781d9fb4a5477ead6b

  • SHA256

    a07d69dd026a965b082fd72600f691e6081d3b4132641987330424246d808b4c

  • SHA512

    5e1c873d7a6c428add82d04e2ab8601c7d409ab4bff3146d0957bfcf66c0a7e24ed0635873b55780daa814e4cb3d6a703961fb55e15682033623faaa01db542e

Malware Config

Extracted

Family

oski

C2

aegismd.ca/cgi/

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

MITRE ATT&CK Enterprise v6

Tasks