General
-
Target
ORDEN DE COMPRA (2).exe
-
Size
556KB
-
Sample
211130-lssecshgd6
-
MD5
b92a57975d4cee3e7a64ffd8c0b8eba1
-
SHA1
3dc6a5d31143af94ec21b891d1723527a04ba9bc
-
SHA256
9bb517a8a2e5028d0714bcba5d90c4b73c5ba2881b112f4ea2690d269dcf4017
-
SHA512
f413e3750aa404947df0fab43631ab802cd02e5805461202e54dafbd1829071f24d9200f2c407cb77b341e8e5528d7478c196115883d463ad79e7f00fa7a9313
Malware Config
Extracted
oski
vsiperu.com
Targets
-
-
Target
ORDEN DE COMPRA (2).exe
-
Size
556KB
-
MD5
b92a57975d4cee3e7a64ffd8c0b8eba1
-
SHA1
3dc6a5d31143af94ec21b891d1723527a04ba9bc
-
SHA256
9bb517a8a2e5028d0714bcba5d90c4b73c5ba2881b112f4ea2690d269dcf4017
-
SHA512
f413e3750aa404947df0fab43631ab802cd02e5805461202e54dafbd1829071f24d9200f2c407cb77b341e8e5528d7478c196115883d463ad79e7f00fa7a9313
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-