General

  • Target

    Invoice.NO65TG43_xlsx.exe

  • Size

    323KB

  • Sample

    220321-py4lcsccc5

  • MD5

    867a7574f6a6225f0b6e88ab9fd76c5b

  • SHA1

    5ab7d2c44bb8b6930ed689fd9de94e68cf8459cd

  • SHA256

    48c6b04927b84944104668484d7fcdb9cac6ecf195307821a13c5de0ea3bf107

  • SHA512

    8eaaddbd6cb7084df5a39135d3cf8a3210620fe57001fb176525f178873e7ce123f3abc6714d438e914c4efb6eb2421d0a5d49b9ff42e478424f641397b0da50

Malware Config

Extracted

  • Family

    oski

  • C2

    http://tel1e4.xyz

Targets

    • Target

      Invoice.NO65TG43_xlsx.exe

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.
