General

  • Target

    79f2322a266f7ae7af5686670d8e8bc93661506340aab5e9d63fd23517bbbdd0

  • Size

    1MB

  • Sample

    211206-cb1jzadbep

  • MD5

    83437762e281a39dd2e3d24a77bed412

  • SHA1

    c818383759ac632ba7b418e3a830d0a9e90b7cbb

  • SHA256

    79f2322a266f7ae7af5686670d8e8bc93661506340aab5e9d63fd23517bbbdd0

  • SHA512

    e0edffaa9b1d221e8210c9078ce8e3fa72ece476d87d01bb9d998924e718be65546717f3cf08e65d514b3069b2bbb2e6854469ac837df31866a92e9919643d77

Malware Config

Extracted

Family

oski

C2

swsaseguranca.com.br

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v6)

  • Execution: Scheduled Task (T1053), count 1

  • Persistence: Scheduled Task (T1053), count 1

  • Privilege Escalation: Scheduled Task (T1053), count 1

  • Credential Access: Credentials in Files (T1081), count 2

  • Discovery: Query Registry (T1012), count 2

  • Discovery: System Information Discovery (T1082), count 2

  • Collection: Data from Local System (T1005), count 2
Tasks