Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

SecuriteIn...54.exe

windows7_x64

10

SecuriteIn...54.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.IL.Trojan.MSILMamut.3044.28554.19954

  • Size

    743KB

  • Sample

    220602-gbpvpadda3

  • MD5

    6bc672d5f96b14084c561a217731c5a4

  • SHA1

    7ff84c9fe7594826d2c8689279979bdc75f0b561

  • SHA256

    cd238eae8acd5aaece92a1c264437fedea2fd7088df8353d81cdfd6af037e69b

  • SHA512

    6c06111139ff6f35ceb302cb7f0d1e960134d1a46fee4fe2727310a416b36c35e6c10372cbdd5107b01af833d3e3f3ec5bf0186a7fdd62b02e9d86ea2184fd7a

Score
10/10
oskiinfostealerspywaresuricata

Malware Config

Extracted

Family

oski

C2

unitech.co.vu

Targets

    • Target

      SecuriteInfo.com.IL.Trojan.MSILMamut.3044.28554.19954

    • Size

      743KB

    • MD5

      6bc672d5f96b14084c561a217731c5a4

    • SHA1

      7ff84c9fe7594826d2c8689279979bdc75f0b561

    • SHA256

      cd238eae8acd5aaece92a1c264437fedea2fd7088df8353d81cdfd6af037e69b

    • SHA512

      6c06111139ff6f35ceb302cb7f0d1e960134d1a46fee4fe2727310a416b36c35e6c10372cbdd5107b01af833d3e3f3ec5bf0186a7fdd62b02e9d86ea2184fd7a

    Score
    10/10
    oskiinfostealerspywaresuricata

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

      suricata

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

      suricata

    • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

      suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

      suricata

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

      suricata

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Accesses cryptocurrency files/wallets, possible credential harvesting

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks