General
-
Target
REVISED OT STATMENT.exe
-
Size
23KB
-
Sample
220606-nqkmvafge8
-
MD5
72fa05be3392be5638758ee698836ffb
-
SHA1
e7e9a38bba03ba858083eea322271016afeee1dd
-
SHA256
27cd376e2cadfbc6a07f01b0168e20ba22ea6d181d510c7316b758f85c72442a
-
SHA512
82c3bd81ff254ec228751d69634bc19e3e5209b454fe44b3a1075065ef73b3962fdcfeff06d57733b153ad5572bb999fe025f7e84bc7c78a00c38789ea0e7041
Malware Config
Extracted
oski
unitech.co.vu
Targets
-
-
Target
REVISED OT STATMENT.exe
-
Size
23KB
-
MD5
72fa05be3392be5638758ee698836ffb
-
SHA1
e7e9a38bba03ba858083eea322271016afeee1dd
-
SHA256
27cd376e2cadfbc6a07f01b0168e20ba22ea6d181d510c7316b758f85c72442a
-
SHA512
82c3bd81ff254ec228751d69634bc19e3e5209b454fe44b3a1075065ef73b3962fdcfeff06d57733b153ad5572bb999fe025f7e84bc7c78a00c38789ea0e7041
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Downloads MZ/PE file
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Adds Run key to start application
-
Suspicious use of SetThreadContext
-