General
-
Target
VP83x7B6FVhJrp5.bin
-
Size
693KB
-
Sample
220610-mdb99sabbm
-
MD5
c8652278afcddfb2d0819cb20170ec69
-
SHA1
fbb977552bf08eff8449dfaad9e853b93fb831da
-
SHA256
96aaaea7fe5ece5fd42282815eb8d1e1d08ed6e167b2a239636f989604397ba4
-
SHA512
1d8da18faad797876bd0f5efd1531d7e021754e3fee285e04224dbf05e7d82379e8a74b4a24e9680264e55e11cc05c35dd9fc1a71ff977fa6592f148b2b2f260
Malware Config
Extracted
oski
unitech.co.vu
Targets
-
-
Target
VP83x7B6FVhJrp5.bin
-
Size
693KB
-
MD5
c8652278afcddfb2d0819cb20170ec69
-
SHA1
fbb977552bf08eff8449dfaad9e853b93fb831da
-
SHA256
96aaaea7fe5ece5fd42282815eb8d1e1d08ed6e167b2a239636f989604397ba4
-
SHA512
1d8da18faad797876bd0f5efd1531d7e021754e3fee285e04224dbf05e7d82379e8a74b4a24e9680264e55e11cc05c35dd9fc1a71ff977fa6592f148b2b2f260
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2
-
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil
-
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Suspicious use of SetThreadContext
-