Extracted

• • Target

    REVISED OT STATMENT.exe

  • Size

    23KB

  • MD5

    72fa05be3392be5638758ee698836ffb

  • SHA1

    e7e9a38bba03ba858083eea322271016afeee1dd

  • SHA256

    27cd376e2cadfbc6a07f01b0168e20ba22ea6d181d510c7316b758f85c72442a

  • SHA512

    82c3bd81ff254ec228751d69634bc19e3e5209b454fe44b3a1075065ef73b3962fdcfeff06d57733b153ad5572bb999fe025f7e84bc7c78a00c38789ea0e7041

  Score

  10^/10

  oskiinfostealerpersistencespywaresuricata

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

    suricata

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata

  • Downloads MZ/PE file

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2