oski | fbfe9e8babf879a2b09f9478ab57e617af9fe56cfa40ee7a2921001ec6167580 | Triage

Sharing

General

Target

fbfe9e8babf879a2b09f9478ab57e617af9fe56cfa40ee7a2921001ec6167580
Size

683KB
Sample

220520-fvwlxaeahr
MD5

5416530357bb5da383cf14e201561e61
SHA1

731e752122eaa55d91e015fc4e0bfbff8303f1e6
SHA256

fbfe9e8babf879a2b09f9478ab57e617af9fe56cfa40ee7a2921001ec6167580
SHA512

6a12de95a6e77910a449ea830b6eef43a27173ee63f614a0cc7944df5512b5896598bf0fdd326659c664e0e1d794015e5d47f69e723b80db4ec33ac93b8453f7

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

mantis.ug

Targets

- Target
  
  fbfe9e8babf879a2b09f9478ab57e617af9fe56cfa40ee7a2921001ec6167580
- Size
  
  683KB
- MD5
  
  5416530357bb5da383cf14e201561e61
- SHA1
  
  731e752122eaa55d91e015fc4e0bfbff8303f1e6
- SHA256
  
  fbfe9e8babf879a2b09f9478ab57e617af9fe56cfa40ee7a2921001ec6167580
- SHA512
  
  6a12de95a6e77910a449ea830b6eef43a27173ee63f614a0cc7944df5512b5896598bf0fdd326659c664e0e1d794015e5d47f69e723b80db4ec33ac93b8453f7
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer