oski | bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050 | Triage

Sharing

General

Target

DFI_0451_587_032.pdf
Size

375KB
Sample

220522-f2lehsffd8
MD5

2e85f22e8e3436b38af2299a04f0cad8
SHA1

3cde19f615684e6f124c747bbefc3e65780c77ce
SHA256

bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050
SHA512

52b1b2f636d52c3653ed79654503a3483eacd69e2bb5552a432f222b446c3290c4afac1e786115ff9be75044022c2cee4766d50ed96aff26601613d217fb2fff

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

vtqt.xyz

Targets

- Target
  
  DFI_0451_587_032.pdf
- Size
  
  375KB
- MD5
  
  2e85f22e8e3436b38af2299a04f0cad8
- SHA1
  
  3cde19f615684e6f124c747bbefc3e65780c77ce
- SHA256
  
  bbd4dd21dde67a96ac02aa9795ce662fa36d4edb90d13f2ffbdeee0d4aea5050
- SHA512
  
  52b1b2f636d52c3653ed79654503a3483eacd69e2bb5552a432f222b446c3290c4afac1e786115ff9be75044022c2cee4766d50ed96aff26601613d217fb2fff
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer