General

  • Target

    78b4c4ddfd01109d32740164d75ca850b341a8c889275db6f2a09663c1b200e7

  • Size

    448KB

  • Sample

    220312-z4zvgadacq

  • MD5

    820729266f1ef5ff30d1b0446b5a7d71

  • SHA1

    ec3181e3d4ec7ea4f1b10054bbc11b67e74b0f3e

  • SHA256

    78b4c4ddfd01109d32740164d75ca850b341a8c889275db6f2a09663c1b200e7

  • SHA512

    bf9bcd1ede361f4ceb8173da57fe6c749601453761a47fc55acca49d6733095a7c3c8208dd62f7c5a680a1916805f8d7b8cf3635e0483a8c96dc06ad63885cf0

Malware Config

Extracted

Family

oski

C2

osiq.club

Targets

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks