oski | dabc7f8670116f83ff2e2e3be23bbaa8f8c238006e209ed344218e529a130d44 | Triage

Submit
Reports

Overview

overview

Static

static

1

77bee09a35...c3.exe

windows7_x64

77bee09a35...c3.exe

windows10_x64

Sharing

General

Target

6540419386212352.zip
Size

29.8MB
Sample

211115-1kc22abef6
MD5

fb5bfc30eb05343685dc6fb024154da0
SHA1

417412a4a831df75f95c53b0aa6d10de2054cc8e
SHA256

dabc7f8670116f83ff2e2e3be23bbaa8f8c238006e209ed344218e529a130d44
SHA512

dc660c62d7403c8214a5e580fe2db36f6802b9b4048c6f31a7bf4c5d56d7a1f9f46190eb5c33fde2da2746ce19fb80f0673651469ec62654c3296f29f3ecc62c

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

77bee09a3541dba878366b1c93835ebbfb316ab0b4487eb9b5f15eaa4c1277c3.exe

Resource

win7-en-20211104

oski discovery infostealer spyware stealer

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

77bee09a3541dba878366b1c93835ebbfb316ab0b4487eb9b5f15eaa4c1277c3.exe

Resource

win10-en-20211014

oski discovery infostealer spyware stealer

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

projectblackhat.com

Targets

- Target
  
  77bee09a3541dba878366b1c93835ebbfb316ab0b4487eb9b5f15eaa4c1277c3
- Size
  
  29.8MB
- MD5
  
  f24c1c3b8d39e6e7a6d765c6ef69f8fd
- SHA1
  
  c3aba9eeeaa4b4ddadea83a6327826e81187d222
- SHA256
  
  77bee09a3541dba878366b1c93835ebbfb316ab0b4487eb9b5f15eaa4c1277c3
- SHA512
  
  c4102d32a2232d8d5844b080cf75c51419c5f276a33cc9cc1c707796ddfc0a670cffb07d494a0641a102a3fdd4f74424105eebec6ad9bf70ea4a3955fc89bb6f
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy