Overview

overview

10

Static

static

1

1b7f72cf6e...28.exe

windows7_x64

10

1b7f72cf6e...28.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7510336211.zip

  • Size

    237KB

  • Sample

    220603-xdds7scgd2

  • MD5

    d526a6faad3d4dbe0df4c94d60aebafa

  • SHA1

    ebb8e8ffc0b4fa13395f65772b7c2c1e9cabe4d0

  • SHA256

    0bae72d977ca1752c8cea9ad12508f744e7d0783533bdd27312ec45b90aa3edb

  • SHA512

    ef3d9b84add62c7c5b68962db5fe5c23cdd5422f234ff513b47b1e145fba43da30d18ca7e05535542582a3322675b6e7667386c87b8314043dec7fa3bd8c5886

Score
10/10
oskiinfostealerspywarestealer

Malware Config

Extracted

Family

oski

C2

dllion.xyz

Targets

    • Target

      1b7f72cf6ea98b693e305d1cde7a72fff8c92af18f703760ebd0621682600e28

    • Size

      403KB

    • MD5

      b897014a297635afa570641d9ba379ab

    • SHA1

      b8940e8934d28d04d52e0653e5c59cf19ecfdcf0

    • SHA256

      1b7f72cf6ea98b693e305d1cde7a72fff8c92af18f703760ebd0621682600e28

    • SHA512

      cfdd35fe035911e4820555931cdfd6a9260265b7a0cca277f327f6ef953aa162e1c455fa471d5b235f349f701aae88498312c2b0bee056d4eda8e9561e25d27e

    Score
    10/10
    oskiinfostealerspywarestealer

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks