oski | 42745214d98c128bbc0ffcbe666bb45738aef6ef725c04c05aa77aa32b3759bf | Triage

Sharing

General

Target

7495306190.zip
Size

449KB
Sample

220601-1xq5esbhc2
MD5

4805ff19a7b0458450c672ec4c525ddb
SHA1

e47f511989d9d782a0135229a7653826ee5c7749
SHA256

42745214d98c128bbc0ffcbe666bb45738aef6ef725c04c05aa77aa32b3759bf
SHA512

44c959b2bcdbe06633c49109639e5c3d6505b767372501d8e11cbd520835e6917a6e183f295721423fe23deedba96d2eea49c41037059aa6b074b0c977972b9d

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

st4q2p.xyz

Targets

- Target
  
  1c53cbedc20ce9cf5b5e69fac6211133faa197f85b214a865f71cf4e0879dd99
- Size
  
  598KB
- MD5
  
  9f8456f6d52c0afbbbb4600c383c051a
- SHA1
  
  f38291c94071200290251937b091a3ac0565c00f
- SHA256
  
  1c53cbedc20ce9cf5b5e69fac6211133faa197f85b214a865f71cf4e0879dd99
- SHA512
  
  925fcaf9fce9aa844ad16ab180dc5d476c9f3bd0025afba20d6ff6895c341696491fcd4b07ba923b221b9ba113c800fd3fb45e17eab7ac0b4229415714d72ead
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer