General

  • Target

    Purchase Order.xlsx

  • Size

    187KB

  • Sample

    220326-hlzy3shea8

  • MD5

    f5fffc343e9dda0bb4e7be9a76ccaa81

  • SHA1

    9cdc3274e984cfe1811a33f7509ac5ce30bdf75b

  • SHA256

    f5052d7774eae6c14693e7c5826de8ee658916d121f26d27d76d7a23da1816a9

  • SHA512

    3c4634d0cdb8c123b6fb431b9a17bcc344d5e7af346c9c78aa3a45f87f13652467a1e7e9aabdbb1a65735ce034b67e56e07956926064f1a75cffe33a7380a4cf

Score
10/10

Malware Config

Extracted

Family

oski

C2

panel.blsasco.com

Targets

    • Target

      Purchase Order.xlsx

    • Size

      187KB

    • MD5

      f5fffc343e9dda0bb4e7be9a76ccaa81

    • SHA1

      9cdc3274e984cfe1811a33f7509ac5ce30bdf75b

    • SHA256

      f5052d7774eae6c14693e7c5826de8ee658916d121f26d27d76d7a23da1816a9

    • SHA512

      3c4634d0cdb8c123b6fb431b9a17bcc344d5e7af346c9c78aa3a45f87f13652467a1e7e9aabdbb1a65735ce034b67e56e07956926064f1a75cffe33a7380a4cf

    Score
    10/10
    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Uses the VBS compiler for execution

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks