oski | 5cf6b212b7032c8aa58d33d33c20f801f3709358ad70025ffa832abb69846fa8 | Triage

Sharing

General

Target

5cf6b212b7032c8aa58d33d33c20f801f3709358ad70025ffa832abb69846fa8
Size

3.0MB
Sample

220524-wvax7sgehn
MD5

6815c0366e22e0d8ac1fda13b44d7ac0
SHA1

ef475f1100f6c0f64218ed62ae38ffae869206bf
SHA256

5cf6b212b7032c8aa58d33d33c20f801f3709358ad70025ffa832abb69846fa8
SHA512

e46e5e6e3856bb5af3fed83fcf78756b0b154fee4d5240eb39b7517c2ace45bbe5a74fc36365fd7ca310786f17c579715d958aee84a7ac4255f2b3b1f4135451

Score

10^/10

oski evasion infostealer spyware stealer suricata trojan

Malware Config

Extracted

Family

oski

C2

5.187.7.144

Targets

- Target
  
  5cf6b212b7032c8aa58d33d33c20f801f3709358ad70025ffa832abb69846fa8
- Size
  
  3.0MB
- MD5
  
  6815c0366e22e0d8ac1fda13b44d7ac0
- SHA1
  
  ef475f1100f6c0f64218ed62ae38ffae869206bf
- SHA256
  
  5cf6b212b7032c8aa58d33d33c20f801f3709358ad70025ffa832abb69846fa8
- SHA512
  
  e46e5e6e3856bb5af3fed83fcf78756b0b154fee4d5240eb39b7517c2ace45bbe5a74fc36365fd7ca310786f17c579715d958aee84a7ac4255f2b3b1f4135451
Score

10^/10

oski evasion infostealer spyware stealer suricata trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
  evasion
- Checks BIOS information in registry
  BIOS information is often read in order to detect sandboxing environments.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks whether UAC is enabled
  evasion trojan
- Suspicious use of NtSetInformationThreadHideFromDebugger
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskievasioninfostealerspywarestealersuricatatrojan

behavioral2

oskievasioninfostealersuricatatrojan