Overview

overview

10

Static

static

DOCSX.scr.exe

windows7_x64

3

DOCSX.scr.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DOCSX.scr.exe

  • Size

    1006KB

  • Sample

    220524-cqx3dsfeaq

  • MD5

    87c8dfadd09d783b4ecb103cb755f968

  • SHA1

    bd6bc7e116af16697416d9ac98c74d8ecda00a82

  • SHA256

    dd77e09b528cd9572298122d059a6041f3d4e91921a11bdbfaf57fe0c8339aef

  • SHA512

    450941b7e54eca008cdca29f96a8aaf55fc59c76f4e808a2f706d30783c0efc7e0834d561379edc7580b4dfda92a4acb3d2ccae1ec19aaa2fc80c616538f90e7

Score
10/10
oskiinfostealerspywaresuricata

Malware Config

Extracted

Family

oski

C2

lettingos.co.vu

Targets

    • Target

      DOCSX.scr.exe

    • Size

      1006KB

    • MD5

      87c8dfadd09d783b4ecb103cb755f968

    • SHA1

      bd6bc7e116af16697416d9ac98c74d8ecda00a82

    • SHA256

      dd77e09b528cd9572298122d059a6041f3d4e91921a11bdbfaf57fe0c8339aef

    • SHA512

      450941b7e54eca008cdca29f96a8aaf55fc59c76f4e808a2f706d30783c0efc7e0834d561379edc7580b4dfda92a4acb3d2ccae1ec19aaa2fc80c616538f90e7

    Score
    10/10
    oskiinfostealerspywaresuricata

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata

    • Downloads MZ/PE file

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks