Overview

overview

10

Static

static

INVO07844SCH.exe

windows7_x64

8

INVO07844SCH.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    INVO07844SCH.exe

  • Size

    123KB

  • Sample

    211025-j3valafhc3

  • MD5

    16de4b8e44a1b040898270c4bca96a55

  • SHA1

    8767b665350873f683d708aa406348cfaad90a05

  • SHA256

    471f26d441eb0872b6c93709284022ef3866b279dabdc601b2dfd1e876a37598

  • SHA512

    0d7eaf3839124186d7956232dd79ce83ea789a617cfccf9d78b5950ade289e000edfff46cfc0ed9773988c057ca817db360281215d83dd4f72a17dc547209aa4

Score
10/10
oskiinfostealerspyware

Malware Config

Extracted

Family

oski

C2

adwa2tv.com/new/

Targets

    • Target

      INVO07844SCH.exe

    • Size

      123KB

    • MD5

      16de4b8e44a1b040898270c4bca96a55

    • SHA1

      8767b665350873f683d708aa406348cfaad90a05

    • SHA256

      471f26d441eb0872b6c93709284022ef3866b279dabdc601b2dfd1e876a37598

    • SHA512

      0d7eaf3839124186d7956232dd79ce83ea789a617cfccf9d78b5950ade289e000edfff46cfc0ed9773988c057ca817db360281215d83dd4f72a17dc547209aa4

    Score
    10/10
    oskiinfostealerspyware

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks