Malware Analysis Report

2025-01-03 04:56

Sample ID 220406-sk614secc5
Target 2DF2BB4BA1E6580FA4368F8B2CF681FE.exe
SHA256 24135e78ecf7c7e30984c0f38d381f528c2400f4b7f4a05d5c37bdcf9365ced1
Tags
oski infostealer spyware stealer
score
10/10


Analysis Overview


Threat Level: Known bad

The file 2DF2BB4BA1E6580FA4368F8B2CF681FE.exe was found to be: Known bad.

Malicious Activity Summary

oski infostealer spyware stealer

Oski

Oski family

Reads user/profile data of web browsers

Program crash

Suspicious use of WriteProcessMemory

Analysis: static1

Detonation Overview

Reported

2022-04-06 15:12

Signatures

Oski family

oski

Analysis: behavioral2

Detonation Overview

Submitted

2022-04-06 15:12

Reported

2022-04-06 15:15

Platform

win10v2004-20220331-en

Max time kernel

155s

Max time network

174s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe"

Signatures

Oski

infostealer oski

Reads user/profile data of web browsers

spyware stealer

Processes

C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe

"C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 3044 -ip 3044

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 1324

Network

Country  Destination          Domain              Proto
US       93.184.221.240:80                        tcp
US       8.8.8.8:53           carding.axfree.com  udp
DE       144.76.115.36:80     carding.axfree.com  tcp
US       93.184.221.240:80                        tcp
NL       13.69.109.131:443                        tcp
DE       144.76.115.36:80     carding.axfree.com  tcp
US       93.184.221.240:80                        tcp
US       93.184.221.240:80                        tcp
US       93.184.221.240:80                        tcp
US       93.184.221.240:80                        tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-06 15:12

Reported

2022-04-06 15:14

Platform

win7-20220331-en

Max time kernel

38s

Max time network

47s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe"

Signatures

Processes

C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe

"C:\Users\Admin\AppData\Local\Temp\2DF2BB4BA1E6580FA4368F8B2CF681FE.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 772

Network

Country  Destination          Domain              Proto
US       8.8.8.8:53           carding.axfree.com  udp
DE       144.76.115.36:80     carding.axfree.com  tcp

Files

memory/800-54-0x0000000076A51000-0x0000000076A53000-memory.dmp

memory/948-55-0x0000000000000000-mapping.dmp