Overview

overview

10

Static

static

10

165A20CECE...50.exe

windows7_x64

10

165A20CECE...50.exe

windows10_x64

10

Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows10_x64
  • resource
    win10-en-20211104
  • submitted
    06-11-2021 09:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    165A20CECE5BD869502D23ED2C9FDF5CB2E83451CCA50.exe

  • Size

    200KB

  • MD5

    07ac7806a3f2bc0fc993d736ecb3572b

  • SHA1

    49b54d7ece61cf9198dfc306a641f0d002b56acb

  • SHA256

    165a20cece5bd869502d23ed2c9fdf5cb2e83451cca502b110f61371da70134d

  • SHA512

    0bb78905d87356841e97e68be1d7c731f5cc4d15fa162017f9c520fceca327c589f8f31b9002c4869179af8626a03e89ef9b667a1a6d5e8f42eef2db98e1e123

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Signatures

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Program crash 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\165A20CECE5BD869502D23ED2C9FDF5CB2E83451CCA50.exe
    "C:\Users\Admin\AppData\Local\Temp\165A20CECE5BD869502D23ED2C9FDF5CB2E83451CCA50.exe"
    1⤵
      PID:3448
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 1244
        2⤵
        • Program crash
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1104

    Network

    MITRE ATT&CK Matrix ATT&CK v6

    Initial Access

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Credentials in Files

    1
    T1081

    Discovery

    Lateral Movement

    Collection

    Data from Local System

    1
    T1005

    Exfiltration

    Command and Control

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads