General
-
Target
3d67ced8c8394bdc10e76835caea07dee4729e86bc665a970b6e1b5af6c33eaa
-
Size
1.3MB
-
Sample
211206-nzbrasdhgm
-
MD5
a989e8f8982eb3edd6684d790b22e48e
-
SHA1
d9c024d4b196a282c7748f3c3e592d8248d71d3a
-
SHA256
3d67ced8c8394bdc10e76835caea07dee4729e86bc665a970b6e1b5af6c33eaa
-
SHA512
ffc9118f47286f4579eb19137ebd641f6a5bb6d36266705fb44e29b87bfe0cbd1f8d31e165bddd09bec292a60e78f4e28cbd17d97867f0184707aef0eb1a565e
Malware Config
Extracted
oski
oilproduce.xyz
Targets
-
-
Target
3d67ced8c8394bdc10e76835caea07dee4729e86bc665a970b6e1b5af6c33eaa
-
Size
1.3MB
-
MD5
a989e8f8982eb3edd6684d790b22e48e
-
SHA1
d9c024d4b196a282c7748f3c3e592d8248d71d3a
-
SHA256
3d67ced8c8394bdc10e76835caea07dee4729e86bc665a970b6e1b5af6c33eaa
-
SHA512
ffc9118f47286f4579eb19137ebd641f6a5bb6d36266705fb44e29b87bfe0cbd1f8d31e165bddd09bec292a60e78f4e28cbd17d97867f0184707aef0eb1a565e
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of SetThreadContext
-