Extracted

• • Target

    DHL PACKAGE DOCUMENT.exe

  • Size

    23KB

  • MD5

    cf65c6f1cb9b6847cf639bd57e8282d1

  • SHA1

    30e4a45690434c04643aa30456191fc78041caf4

  • SHA256

    49c7f9c1a11758309f55b563b54a44b734b39f185d1d5d63436adea38e44a03d

  • SHA512

    b554bd0f76522d5bd33d33481b8a98f37059f87be2cd651c012181c1c776e294831281c4e65b68104de62eae3feaa8f813b3ec8f2c827f5f438f7cfcec9ca7eb

  Score

  10^/10

  oskiinfostealerpersistencespywaresuricata

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

    suricata

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2