General

  • Target

    IV3090065437.exe

  • Size

    227KB

  • Sample

    220322-gsmrnaeec9

  • MD5

    2962e54654777bac6bf57c28f21a5c9a

  • SHA1

    0ea996779357de45e85e2e12c3d0ac31cf0fd107

  • SHA256

    8399c97b606bb6613f99006964a47064e402e6489574b85db7a9872f601886b2

  • SHA512

    78109e371a89be0a1a81ae8a13fb8749754519001a3e7946cccef34c03bc6ab0a9a6253823445d2f82cc756df55802fb220087970b30ccb436f8f3e272a381ba

Malware Config

Extracted

Family

oski

C2

tel4s6.xyz

Targets

    • Target

      IV3090065437.exe

    • Size

      227KB

    • MD5

      2962e54654777bac6bf57c28f21a5c9a

    • SHA1

      0ea996779357de45e85e2e12c3d0ac31cf0fd107

    • SHA256

      8399c97b606bb6613f99006964a47064e402e6489574b85db7a9872f601886b2

    • SHA512

      78109e371a89be0a1a81ae8a13fb8749754519001a3e7946cccef34c03bc6ab0a9a6253823445d2f82cc756df55802fb220087970b30ccb436f8f3e272a381ba

    • Oski

      Oski is an infostealer targeting browser data and cryptocurrency wallets.

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Enterprise v6

Tasks