General
-
Target
PO294232.exe
-
Size
538KB
-
Sample
211027-j9k1haahg6
-
MD5
2ed2d26ee75e5bc46a355c0265dd4719
-
SHA1
7d45cf3ded4de7432aaeaac18937e13e567d4e81
-
SHA256
192f884438809d6fb01ae0c89c4ccd1fdae62d429e78bdbcc4ff4d28a54049af
-
SHA512
a14e8312c283df893daa6222ca9fe15fc87b74d1a1271f5892c78f3362b4f8d41cccccb268827e7a557866a016b9ec927a3e5868de83b53733d74caeb2e99a1d
Malware Config
Extracted
oski
bakas1e.xyz
Targets
-
-
Target
PO294232.exe
-
Size
538KB
-
MD5
2ed2d26ee75e5bc46a355c0265dd4719
-
SHA1
7d45cf3ded4de7432aaeaac18937e13e567d4e81
-
SHA256
192f884438809d6fb01ae0c89c4ccd1fdae62d429e78bdbcc4ff4d28a54049af
-
SHA512
a14e8312c283df893daa6222ca9fe15fc87b74d1a1271f5892c78f3362b4f8d41cccccb268827e7a557866a016b9ec927a3e5868de83b53733d74caeb2e99a1d
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-