oski | 80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352 | Triage

Sharing

General

Target

80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352
Size

861KB
Sample

220521-a5q7aaecgq
MD5

c20ef4961ce6eb9dd5654242ec1b418c
SHA1

076cb25979115c1a5baa95807f993c90f629c524
SHA256

80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352
SHA512

e518cd58bcab49e1359d6e60fe71a12c40d6c3f3e8dcfbf974848edb901231b8bd70271fc64f55c0cd8777e975ffee08b17607e4c4bd9744a4193b2a5739a9a2

Score

10^/10

oski infostealer persistence

Malware Config

Extracted

Family

oski

C2

45.141.84.184

Targets

- Target
  
  80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352
- Size
  
  861KB
- MD5
  
  c20ef4961ce6eb9dd5654242ec1b418c
- SHA1
  
  076cb25979115c1a5baa95807f993c90f629c524
- SHA256
  
  80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352
- SHA512
  
  e518cd58bcab49e1359d6e60fe71a12c40d6c3f3e8dcfbf974848edb901231b8bd70271fc64f55c0cd8777e975ffee08b17607e4c4bd9744a4193b2a5739a9a2
Score

10^/10

oski infostealer persistence
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Hidden Files and Directories

Modify Registry

Credential Access

Discovery

Remote System Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerpersistence

behavioral2