oski | 08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877 | Triage

Submit
Reports

Overview

overview

Static

static

7

0816740125...77.exe

windows7_x64

0816740125...77.exe

windows10-2004_x64

Sharing

General

Target

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
Size

2.1MB
Sample

220524-q2lemadab7
MD5

9fa5bfb2a6fa702ef279ff02924a2282
SHA1

f9f79b47d6dca30b6ed0cc94636b299923e10eda
SHA256

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
SHA512

d796083383e4bddaf7946fb6a8dceeef515e08bb84580138a962a4190facae39f79bd0564f8f9c21674e694105cdcdbc2af79371db2bc8ed2cd43273f7f0af6c

Score

10^/10

oski evasion infostealer spyware stealer themida trojan

Static task

static1

Behavioral task

behavioral1

Sample

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877.exe

Resource

win7-20220414-en

oski evasion infostealer spyware stealer themida trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877.exe

Resource

win10v2004-20220414-en

oski evasion infostealer themida trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

hostisgerhg.tk

Targets

- Target
  
  08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
- Size
  
  2.1MB
- MD5
  
  9fa5bfb2a6fa702ef279ff02924a2282
- SHA1
  
  f9f79b47d6dca30b6ed0cc94636b299923e10eda
- SHA256
  
  08167401255c540fed1d03109911cc841a05324958233cee0a798a0b13fdc877
- SHA512
  
  d796083383e4bddaf7946fb6a8dceeef515e08bb84580138a962a4190facae39f79bd0564f8f9c21674e694105cdcdbc2af79371db2bc8ed2cd43273f7f0af6c
Score

10^/10

oski evasion infostealer spyware stealer themida trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Themida packer
  Detects Themida, an advanced Windows software protection system.
  themida
- Checks whether UAC is enabled
  evasion trojan
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskievasioninfostealerspywarestealerthemidatrojan

behavioral2

oskievasioninfostealerthemidatrojan

© 2018-2025

Terms | Privacy