General

  • Target

    test1.exe

  • Size

    5KB

  • Sample

    210811-zemfkpnxge

  • MD5

    7126e22ffd4cba3af2214d807e156a70

  • SHA1

    df0227f8104e259d26ac66bffca37f7840e7c005

  • SHA256

    d0672bf55e8872080c09d8ab5ce51171db85dce98907c3dfb09cf2ca600a4d69

  • SHA512

    73d4317ad8ee06049a0f0bb3eaaa43b3373d33f71703a27f63a48ab639d6e55ad3eac83bce3f30f9e9f1b85e8ecb779dbe4896c708905484de177397554bbfe4

Malware Config

Extracted

  • Family

    oski

  • C2

    accdemo.axwebsite.com

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Downloads MZ/PE file

    • Uses the VBS compiler for execution

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks