General
-
Target
RFQ_1220274_SH0601201.zip
-
Size
97KB
-
Sample
211119-t96bjsbabn
-
MD5
001b52029825b6ab3ee5c217bb0bfdb0
-
SHA1
da7dff92b4287e7bc0af3f2ebe9cb6f0f12e0fbd
-
SHA256
3373292f7851b94d18a1f3317a772e06ed0e41142d064611fb843b5ab962d545
-
SHA512
5859cd7ad9183d874d28ecd8a65ee1ab529f64f881c09a299bdae1fe31d29f378565dcf4de0bccf0cc4b5d25eac93e4da7be45e00e5d1606df5d9a19a8f983a1
Malware Config
Extracted
oski
dimensionluz.cl/new/
Targets
-
-
Target
NEW.exe
-
Size
200KB
-
MD5
320329dc62b4db96ba0b0cab347601de
-
SHA1
1c362e00c620b975c41c3b0db8815bf2379c5f21
-
SHA256
b221129b7a885377264e070750a5ad6a5ca01426df99777f15a89f438a143211
-
SHA512
8f5935ae264ed0199690ee9693642d35bedc34aa1803009d6ada5bc12be6dc3c72d0c5c0f2d6172610d4540cc6fcdd5d6b0b0e0dc3fe9f5fabdd9a81666b24ba
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-