General
-
Target
VP83x7B6FVhJrp5.bin.zip
-
Size
613KB
-
Sample
220610-l8tblaeda7
-
MD5
1436e09a8089120a94520662a655e7a9
-
SHA1
9d198860344a0470ce136b049e4c4a0974651105
-
SHA256
2c57a483839755cc3457059ad20e96d3c6997b452fb85931f17b9bd327472abb
-
SHA512
106edfa33f64fc160051fc9c356f1dff8615220f311b4dc13334c6559be2e57cbd787909afed3a5707e4722505b0319834c3fddb00e3a89ba2b9f0295eaec31a
Malware Config
Extracted
oski
unitech.co.vu
Targets
-
-
Target
VP83x7B6FVhJrp5.bin.zip
-
Size
613KB
-
MD5
1436e09a8089120a94520662a655e7a9
-
SHA1
9d198860344a0470ce136b049e4c4a0974651105
-
SHA256
2c57a483839755cc3457059ad20e96d3c6997b452fb85931f17b9bd327472abb
-
SHA512
106edfa33f64fc160051fc9c356f1dff8615220f311b4dc13334c6559be2e57cbd787909afed3a5707e4722505b0319834c3fddb00e3a89ba2b9f0295eaec31a
Score1/10 -
-
-
Target
VP83x7B6FVhJrp5.bin
-
Size
693KB
-
MD5
c8652278afcddfb2d0819cb20170ec69
-
SHA1
fbb977552bf08eff8449dfaad9e853b93fb831da
-
SHA256
96aaaea7fe5ece5fd42282815eb8d1e1d08ed6e167b2a239636f989604397ba4
-
SHA512
1d8da18faad797876bd0f5efd1531d7e021754e3fee285e04224dbf05e7d82379e8a74b4a24e9680264e55e11cc05c35dd9fc1a71ff977fa6592f148b2b2f260
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-