oski | 838bb771d05c0436b9e37bc35ccdcf80d49b2b4d8aa78fa6627b331307fc6f73 | Triage

Submit
Reports

Overview

overview

Static

static

RFQ NO.71092.doc

windows7_x64

RFQ NO.71092.doc

windows10_x64

1

Sharing

General

Target

RFQ NO.71092.doc
Size

70KB
Sample

211019-jwlpwafdd4
MD5

9c90d014b3fe6c06dc4bfccd05eeb09b
SHA1

2535e0244a7212b5e67671051a2b6e2f9077b739
SHA256

838bb771d05c0436b9e37bc35ccdcf80d49b2b4d8aa78fa6627b331307fc6f73
SHA512

e19798b7b4ff1d2fd9507c942b11419a6a87c648887a6a9f659134536223e8562e9542edef87d95053e2bd4891f611af1ce40ada297585ccd5667300f8097854

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

RFQ NO.71092.doc

Resource

win7-en-20211014

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

RFQ NO.71092.doc

Resource

win10-en-20210920

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

stanelectronics.xyz

Targets

- Target
  
  RFQ NO.71092.doc
- Size
  
  70KB
- MD5
  
  9c90d014b3fe6c06dc4bfccd05eeb09b
- SHA1
  
  2535e0244a7212b5e67671051a2b6e2f9077b739
- SHA256
  
  838bb771d05c0436b9e37bc35ccdcf80d49b2b4d8aa78fa6627b331307fc6f73
- SHA512
  
  e19798b7b4ff1d2fd9507c942b11419a6a87c648887a6a9f659134536223e8562e9542edef87d95053e2bd4891f611af1ce40ada297585ccd5667300f8097854
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

© 2018-2024

Terms | Privacy