General
-
Target
7d94781381eabcb7e55417601420ac97ec1b7df80417a1c792aa6135ac42f9b6
-
Size
484KB
-
Sample
211203-rtpbzsghap
-
MD5
7f7b84c7d34ea8de67d0956b66780503
-
SHA1
736a7ed8d67c114e20a7da68ec4eb3223397783d
-
SHA256
7d94781381eabcb7e55417601420ac97ec1b7df80417a1c792aa6135ac42f9b6
-
SHA512
a85df8603af7cb9768548ea7deeeb56d66e765df8541ff8b19bdc4e84315567b7fa8125672ee4ebb3496f77bfd7447608745eb8f85176663918775793b3e8463
Malware Config
Extracted
oski
swsaseguranca.com.br
Targets
-
-
Target
7d94781381eabcb7e55417601420ac97ec1b7df80417a1c792aa6135ac42f9b6
-
Size
484KB
-
MD5
7f7b84c7d34ea8de67d0956b66780503
-
SHA1
736a7ed8d67c114e20a7da68ec4eb3223397783d
-
SHA256
7d94781381eabcb7e55417601420ac97ec1b7df80417a1c792aa6135ac42f9b6
-
SHA512
a85df8603af7cb9768548ea7deeeb56d66e765df8541ff8b19bdc4e84315567b7fa8125672ee4ebb3496f77bfd7447608745eb8f85176663918775793b3e8463
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-