oski | b32a72d74944d3b196f0905e74cc233a47f8ebfdb96ddbf71a183d08c3f5475a | Triage

Submit
Reports

Overview

overview

Static

static

7

dd251dae55...a3.exe

windows7_x64

dd251dae55...a3.exe

windows10-2004_x64

Sharing

General

Target

5571627843223552.zip
Size

2.4MB
Sample

220214-sbns6shde5
MD5

ff69209f9b7273295709612014281791
SHA1

62775657b8b01e2c416c3fad481755152191d449
SHA256

b32a72d74944d3b196f0905e74cc233a47f8ebfdb96ddbf71a183d08c3f5475a
SHA512

840698896e0f212fd12b928cd8b4bf01c398390b10696deb4e92e7fa2112e3c7e245ebdbfaf0e5ffdefe2ce8e9202d9a4b2fd0ddf7df03b65e7a4f2231383763

Score

10^/10

oski evasion infostealer spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3.exe

Resource

win7-en-20211208

oski evasion infostealer spyware stealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3.exe

Resource

win10v2004-en-20220113

oski evasion infostealer spyware stealer themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

secureredirectinfo.com

Targets

- Target
  
  dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3
- Size
  
  2.5MB
- MD5
  
  ec370128bc27c7fb5eeccbb7052deca5
- SHA1
  
  a8abfd836c8e5c4aea8adc4a6000d36ea5b275a0
- SHA256
  
  dd251dae550a6db360a54a963adb3adf18084b0db5bba7806b5b5ade01de69a3
- SHA512
  
  2819ab07f2d9d23375b1b43b81e9e5efc85e5b5bb5fedaa98fc7d1f624820b14832c01404d5cc752e2523f0a80ef4de0312fdff3deb585ba0915605541b50e8f
Score

10^/10

oski evasion infostealer spyware stealer themida trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Suspicious use of NtCreateProcessExOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskievasioninfostealerspywarestealerthemidatrojan

behavioral2

oskievasioninfostealerspywarestealerthemidatrojan

© 2018-2024

Terms | Privacy