Analysis

  • max time kernel
    71s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220414-en
  • submitted
    20-05-2022 17:38

General

  • Target

    B1A5D1029B72E65E2063BBDFFF90D6E6C9CE98863859D.exe

  • Size

    200KB

  • MD5

    6a24d4e31d46c2f602996981fe525fb6

  • SHA1

    4134cbbdfec13e772a5d4b7af79159248781ef04

  • SHA256

    b1a5d1029b72e65e2063bbdfff90d6e6c9ce98863859ddfa0c5f38f7afa7b770

  • SHA512

    338f1252beb06140b4ac07087b38cfa9cc6b8a116e42c448ba2a489daf5ed039d6715c2e7f2288e71d94e964eae0fae1387a00264251043ec69bb170a62f8cfe

Malware Config

Signatures

  • Oski

    Oski is an infostealer that targets browser data and cryptocurrency wallets.

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

  • Program crash 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\B1A5D1029B72E65E2063BBDFFF90D6E6C9CE98863859D.exe
    "C:\Users\Admin\AppData\Local\Temp\B1A5D1029B72E65E2063BBDFFF90D6E6C9CE98863859D.exe"
    PID:2204
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 1368
        • Program crash
        PID:460
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 2204 -ip 2204
    PID:2280
