General

  • Target

    e2ff5ae0c4704ed86ffe70e708431e96135005df32870ee0dd4ee18c37ed2424

  • Size

    1.0MB

  • Sample

    220415-pq62hshchq

  • MD5

    ac42e3963efd4b3803b65cf3d0112da0

  • SHA1

    409e9cecb81d812f02fbc38e4bdde19437a0f283

  • SHA256

    e2ff5ae0c4704ed86ffe70e708431e96135005df32870ee0dd4ee18c37ed2424

  • SHA512

    8bffeef742d0af236e52304cb50992f65da224569bd9ec6268d3c564c24ce206af34dbd4754102a36379fccaa08340c6ecb7d73c00eb9fb45436e9f23811eb74

Malware Config

Extracted

Family

oski

C2

4llion.com

Targets

    • Target

      e2ff5ae0c4704ed86ffe70e708431e96135005df32870ee0dd4ee18c37ed2424

    • Oski

      Oski is an infostealer that harvests browser data (saved credentials, cookies) and cryptocurrency wallet files and exfiltrates them to its C2.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data (for example Chrome's "Login Data" and "Cookies" databases), which can include saved credentials and session cookies.

    • Suspicious use of SetThreadContext

      SetThreadContext overwrites a thread's register state; malware uses it to point the entry point of a suspended (typically freshly created) process at injected code before resuming it, the process-hollowing / thread-hijacking pattern.
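
As an added example (not Triage's signature code, and not derived from this report's trace), the following Python shows how the two behaviour signatures listed for this target can be evaluated over an API-call trace. The trace events, paths and PIDs are constructed, and the API names and argument keys are assumed simplifications of what a real sandbox records.

```python
"""Toy re-implementation of two sandbox behaviour signatures over an
API-call trace. Added example; the events below are constructed."""
from dataclasses import dataclass, field

# Browser profile artefacts that infostealers read (illustrative subset).
BROWSER_ARTEFACTS = (
    r"\Google\Chrome\User Data\Default\Login Data",
    r"\Google\Chrome\User Data\Default\Cookies",
    r"\Google\Chrome\User Data\Local State",
    r"\Mozilla\Firefox\Profiles",
)

CREATE_SUSPENDED = 0x4  # dwCreationFlags bit for CreateProcess


@dataclass(frozen=True)
class ApiEvent:
    pid: int            # process that made the call
    api: str            # API name (assumed naming)
    args: dict = field(default_factory=dict)


def reads_browser_data(events):
    """Return the browser-profile paths opened anywhere in the trace."""
    hits = []
    for e in events:
        if e.api in ("CreateFileW", "NtCreateFile"):
            path = e.args.get("path", "")
            if any(a.lower() in path.lower() for a in BROWSER_ARTEFACTS):
                hits.append(path)
    return hits


def suspicious_set_thread_context(events):
    """Flag (caller, target) pairs where SetThreadContext follows
    WriteProcessMemory into a child the caller created suspended.
    A lone SetThreadContext (debuggers do this) is not flagged."""
    suspended = {}   # child pid -> creating pid
    wrote = set()    # (writer pid, target pid) after WriteProcessMemory
    flagged = []
    for e in events:
        if e.api in ("CreateProcessW", "CreateProcessA"):
            if e.args.get("flags", 0) & CREATE_SUSPENDED:
                suspended[e.args["child_pid"]] = e.pid
        elif e.api == "WriteProcessMemory":
            target = e.args.get("target_pid")
            if suspended.get(target) == e.pid:
                wrote.add((e.pid, target))
        elif e.api == "SetThreadContext":
            pair = (e.pid, e.args.get("target_pid"))
            if pair in wrote and pair not in flagged:
                flagged.append(pair)
    return flagged


# Constructed trace: a stealer reads Chrome's credential store, then hollows
# a suspended svchost.exe; PID 3000 is a benign debugger-style call.
SAMPLE_TRACE = [
    ApiEvent(1000, "CreateFileW", {"path": r"C:\Users\u\AppData\Local\Google\Chrome\User Data\Default\Login Data"}),
    ApiEvent(1000, "CreateFileW", {"path": r"C:\Users\u\Documents\notes.txt"}),
    ApiEvent(1000, "CreateProcessW", {"image": r"C:\Windows\System32\svchost.exe", "flags": CREATE_SUSPENDED, "child_pid": 2000}),
    ApiEvent(1000, "WriteProcessMemory", {"target_pid": 2000}),
    ApiEvent(1000, "SetThreadContext", {"target_pid": 2000}),
    ApiEvent(1000, "ResumeThread", {"target_pid": 2000}),
    ApiEvent(3000, "SetThreadContext", {"target_pid": 3001}),
]


def evaluate(events):
    """Return the signature names that fire, mirroring the report's labels."""
    fired = []
    if reads_browser_data(events):
        fired.append("Reads user/profile data of web browsers")
    if suspicious_set_thread_context(events):
        fired.append("Suspicious use of SetThreadContext")
    return fired


if __name__ == "__main__":
    for name in evaluate(SAMPLE_TRACE):
        print(name)
```

The hollowing check deliberately requires the whole sequence (suspended creation, a write into that child, then SetThreadContext from the same caller) so that legitimate users of SetThreadContext such as debuggers do not trip it; a sandbox signature that fires on the API name alone would be noisier.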
