General

  • Target: 5994170951041024.zip
  • Size: 1.0MB
  • Sample: 210809-4n181jwhhj
  • MD5: 29d4d910e33b2c141ab86f4a2048454f
  • SHA1: f0d4cc8202c4cc2e1d58c6cb654a0d1919e533c6
  • SHA256: 9a68f76e256898529baa7f02461b87acd24075b0717c36d99efba4e244b65ef2
  • SHA512: fb4df208eb867c91d244f4649118ac8e14a109ff5e7efb047a44b5ed3d49923c6022cddf331a3de5e0faeaac2d429fb61ad63db1de0a03cf5c1c950d0912325a

Malware Config

Extracted

Family

oski

C2

12345678987654321.link

Targets

    • Target: 4ab4899a6b0f33e7e04867c61bb2f3564ed6fde325d75871f75543adf99d71ce
    • Size: 1.7MB
    • MD5: 6972fe73b5e81cb52e0472ff6617b3a9
    • SHA1: d3adbcd45ea322f4d813540bdadd9989c274b18d
    • SHA256: 4ab4899a6b0f33e7e04867c61bb2f3564ed6fde325d75871f75543adf99d71ce
    • SHA512: 38e84ba8d8d39987bedafbe71a16b933a17a43938c1a4fc5994f18d212c5c553c0eec4640bad5233dcd3b72a285458781202f62d99d5df4171f1fddd64813f63

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Executes dropped EXE

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks