oski | 29cd5901e6099a6423ee9762e817060deaf43b9668447dd8b5cc327c1425521d | Triage

Sharing

General

Target

7509376119.zip
Size

333KB
Sample

220528-b5fwzsgcgm
MD5

d1a45109f62fc4bbccb44a1977c70553
SHA1

15a2a32d80d837ba418a08d35d26ef5c4b1ec979
SHA256

29cd5901e6099a6423ee9762e817060deaf43b9668447dd8b5cc327c1425521d
SHA512

5bfe9939959f55cc79661afa7e497734792392f8cadcdbb12326278de56652f9ac49c58e975910c385b4d0b70310e3872c9106add7f9fd1e1b753c88924a0d37

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

http://bsig99.xyz

Targets

- Target
  
  Sucwelxt vv.exe
- Size
  
  525KB
- MD5
  
  082bd91b649aa37460d4ec595878e8b4
- SHA1
  
  0613f565d1f0f6a5acbea226bccb5ab99bbe8c9c
- SHA256
  
  f26018f63848edfc0e7a83dbdc502a710bfafa968eacf658ce8a13915a42e783
- SHA512
  
  d5a0722b50e6c2a62b007537b2fda7f64e21d41f29dcf07f104dbdc80e331d454805c97d0eb553236f4dae57ccfb76a1a3273e78891a85d53369f40adc20ed84
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer