Overview

overview

10

Static

static

1c5686f42c...e4.exe

windows7_x64

10

1c5686f42c...e4.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7536996132.zip

  • Size

    409KB

  • Sample

    220603-v6cqhagfgr

  • MD5

    e2ebfa21150985b15015e1a7f218ad1d

  • SHA1

    ee816d59d0a9eb8a4bb1bc97a0c996ac86ff3409

  • SHA256

    f4b50e1c6b1e1cf001e2d5800e07c7d15d9ef0db7c97889f12a7dcecfeb64dbd

  • SHA512

    1e2f4f0a9f2e9f56b986bbbaf7004fefc1c6ad6491d349af6a1d6557b874e1fd98aae3eead1e69375b65e8e278d2147b61e4306da451401bc18c17d386e92872

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Extracted

Family

oski

C2

almed-trading.xyz

Targets

    • Target

      1c5686f42c5b67e4af06d0a7ae31c7b6ecb1b305cdd3f61c47276ea0ae6ee9e4

    • Size

      610KB

    • MD5

      55f980f9ea9a8ed2bc7e6dd877491fc8

    • SHA1

      bd9ece343f05e36a677fc9a517f3af58da498806

    • SHA256

      1c5686f42c5b67e4af06d0a7ae31c7b6ecb1b305cdd3f61c47276ea0ae6ee9e4

    • SHA512

      8528ed0a022233250017bba4a281caca83fd13b234ba1e63f4d4e2ca8a94a6e44a956fe6a4864eff70f29e93e560a98e786ecb143235737b1bbcaebbbf2c3d8d

    Score
    10/10
    oskiinfostealerspywarestealer

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks