oski | 1e06feaa8bffafea07e7b94ca87987d61c6e5d0afb520e7c065d7facc10d4b88 | Triage

Submit
Reports

Overview

overview

Static

static

8b9848190f...27.exe

windows7_x64

8b9848190f...27.exe

windows10_x64

Sharing

General

Target

8b9848190fb40aacc6365ec2d27b1db47b12f027.exe
Size

466KB
Sample

211018-x591qafden
MD5

3b546310e40b24c209f03b25f50b6360
SHA1

8b9848190fb40aacc6365ec2d27b1db47b12f027
SHA256

1e06feaa8bffafea07e7b94ca87987d61c6e5d0afb520e7c065d7facc10d4b88
SHA512

27ced9beccce1699f0bbbacb1a0aa13433f3d9085147853f1c078ab5eceff0664e6b7b716815a2045c9cd4b33a965c1dd4ee2d56bdab7a93f421a789f4aaad8f

Score

10^/10

oski infostealer spyware suricata

Static task

static1

Behavioral task

behavioral1

Sample

8b9848190fb40aacc6365ec2d27b1db47b12f027.exe

Resource

win7-en-20210920

oski infostealer spyware suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

8b9848190fb40aacc6365ec2d27b1db47b12f027.exe

Resource

win10-en-20210920

oski infostealer spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

aboliki.xyz

Targets

- Target
  
  8b9848190fb40aacc6365ec2d27b1db47b12f027.exe
- Size
  
  466KB
- MD5
  
  3b546310e40b24c209f03b25f50b6360
- SHA1
  
  8b9848190fb40aacc6365ec2d27b1db47b12f027
- SHA256
  
  1e06feaa8bffafea07e7b94ca87987d61c6e5d0afb520e7c065d7facc10d4b88
- SHA512
  
  27ced9beccce1699f0bbbacb1a0aa13433f3d9085147853f1c078ab5eceff0664e6b7b716815a2045c9cd4b33a965c1dd4ee2d56bdab7a93f421a789f4aaad8f
Score

10^/10

oski infostealer spyware suricata
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
  suricata
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
  suricata
- Downloads MZ/PE file
- Loads dropped DLL
- Uses the VBS compiler for execution
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskiinfostealerspywaresuricata

behavioral2

oskiinfostealerspyware

© 2018-2024

Terms | Privacy