General

  • Target

    tmp

  • Size

    789KB

  • Sample

    220315-qf4dbabec9

  • MD5

    76734690b1107d43d732f6d981997147

  • SHA1

    4e0d14ce3ea36f9eac0cb61c59f07c9708e7a81f

  • SHA256

    9ac0322714806d2e922280dc9d59622656f1d0f682cf093df8505022cd631da0

  • SHA512

    f2d5f78c1ccb0fde02121ac65b9b7f98ea1654f99c46e81b2f3046235a98873e2279526915ef4172ea89bc2ca83f8d79eb062295ec0056f342dbb77f228dced5

Malware Config

Extracted

  • Family

    oski

  • C2

    http://64.188.21.227/x/

Targets

    • Target

      tmp

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks