General

  • Target

    F072-01953382-ESERMUL.IMG

  • Size

    1.2MB

  • Sample

    220408-sjlc1sbafl

  • MD5

    960d122c5a59b92a250a049743725a15

  • SHA1

    6b0fd160927756e5159a7e3912cc81f05ce04219

  • SHA256

    17eec24f99a3eb9493e635ade92d45b788eacb5a658de978531b7c33bf4b196b

  • SHA512

    144ce3bd2c5fc8ceaba0353a1a398d2b2afd6a98e98c6455834355ec7bbd7e1f28ab70860b2d77fa0607a44c6fabc5c571bf22cf33e10a378959516cbfb0475a

Malware Config

Extracted

Family

oski

C2

friktomb.cf

Targets

    • Target

      F072_019.EXE

    • Size

      514KB

    • MD5

      c80d1be82cad6e4f19dc43403d52f458

    • SHA1

      0435a24cbc362b0e8d6dd254e001b3b6a3c1b2f6

    • SHA256

      48d338ba06ada3da080eeeddb8a267b1b677dc9c3670f13e333ec8c73ff1b02c

    • SHA512

      01265c663b2843486b0c7da565683d3edbd3fb576b212cb5977a7d190244cfdd51a3ed16c01a17dfd404376fc76cee24f0c2d227c4d9b8633e94f1271f46d7a9

    • Oski

      Oski is an infostealer that targets stored browser data and cryptocurrency wallets.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile contents.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state; malware commonly uses it to redirect execution in another process (e.g. after hollowing a suspended process), which is why the sandbox flags it.
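A practitioner triaging this report usually wants two things: to confirm that a file on disk is the artefact the report describes, and to pull the dropped executable out of the IMG container without mounting it. The following is an added example, not part of the sandbox report or of any tool it used. It reuses the SHA256 values listed above as indicators, assumes the IMG stores the EXE as a contiguous run of bytes (which is the case for a plain ISO 9660 image, but is stated here as an assumption), and embeds a constructed minimal PE inside constructed filler so it runs offline; `build_sample_container` and `build_sample_pe` are test fixtures, not real samples.

```python
"""Verify report IoCs by hash and carve embedded PE files from a disk image.

Added example; not part of the original sandbox report. The SHA256 values
come from the report above, the sample bytes are constructed for testing.
"""
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Optional

# SHA256 indicators from the report: container image and dropped executable.
REPORT_SHA256 = {
    "17eec24f99a3eb9493e635ade92d45b788eacb5a658de978531b7c33bf4b196b": "F072-01953382-ESERMUL.IMG",
    "48d338ba06ada3da080eeeddb8a267b1b677dc9c3670f13e333ec8c73ff1b02c": "F072_019.EXE",
}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return the four digests the report lists, as lowercase hex."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256", "sha512")}


def match_report(data: bytes) -> Optional[str]:
    """Name of the report artefact whose SHA256 matches, or None."""
    return REPORT_SHA256.get(hash_bytes(data)["sha256"])


@dataclass
class PEHit:
    offset: int   # offset of the 'MZ' header inside the container
    size: int     # bytes to carve: end of the last section's raw data
    machine: int  # COFF Machine field (0x14C = i386, 0x8664 = x64)


def _parse_pe(buf: bytes, mz: int) -> Optional[PEHit]:
    """Validate a candidate 'MZ' at `mz` by walking to the PE header and sections."""
    if mz + 0x40 > len(buf):
        return None
    e_lfanew = struct.unpack_from("<I", buf, mz + 0x3C)[0]
    pe = mz + e_lfanew
    if e_lfanew < 0x40 or pe + 24 > len(buf) or buf[pe:pe + 4] != b"PE\0\0":
        return None
    machine, nsect = struct.unpack_from("<HH", buf, pe + 4)
    opt_size = struct.unpack_from("<H", buf, pe + 20)[0]
    sect = pe + 24 + opt_size                 # start of the section table
    if nsect == 0 or nsect > 96 or sect + 40 * nsect > len(buf):
        return None
    end = (sect - mz) + 40 * nsect            # at least the headers
    for i in range(nsect):
        raw_size, raw_ptr = struct.unpack_from("<II", buf, sect + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return PEHit(mz, min(end, len(buf) - mz), machine)


def carve_pe(container: bytes) -> List[PEHit]:
    """Find every structurally valid PE embedded in `container` (e.g. an IMG/ISO)."""
    hits, pos = [], 0
    while (pos := container.find(b"MZ", pos)) >= 0:
        hit = _parse_pe(container, pos)
        if hit:
            hits.append(hit)
        pos += 2
    return hits


def build_sample_pe() -> bytes:
    """Constructed minimal PE (not a real executable) used only to exercise carve_pe."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)             # e_lfanew -> PE header
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    section = b".text".ljust(8, b"\0") + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    pe = bytes(dos) + b"PE\0\0" + coff + bytes(0xE0) + section
    return pe.ljust(0x400, b"\xCC")                      # raw data ends at 0x400


def build_sample_container() -> bytes:
    """Constructed image: text filler with decoy 'MZ' strings, the sample PE at 0x800, padding."""
    filler = (b"ISO9660-LIKE FILLER MZ DECOY " * 128)[:0x800]
    return filler + build_sample_pe() + b"\0" * 0x200


if __name__ == "__main__":
    image = build_sample_container()
    print("report match:", match_report(image))
    for h in carve_pe(image):
        print(f"PE at 0x{h.offset:x}, {h.size} bytes, machine 0x{h.machine:x}")
        print(hash_bytes(image[h.offset:h.offset + h.size])["sha256"])
```

Against the real IMG, replace `build_sample_container()` with the file's bytes; a carved hit whose SHA256 equals the second report entry is the dropped F072_019.EXE. Decoy "MZ" strings are rejected because their e_lfanew does not land on a "PE\0\0" signature, which keeps the carver from flooding output with false positives.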

MITRE ATT&CK Enterprise v6