oski | 1ede253254b0e22fe2178db8cf7ee8249083c98178156e8500c8a87e588158f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

1EDE253254...56.exe

windows7_x64

1EDE253254...56.exe

windows10-2004_x64

Sharing

General

Target

1EDE253254B0E22FE2178DB8CF7EE8249083C98178156.exe
Size

323KB
Sample

220619-nxvrdsecgm
MD5

d16246db1c3abce64bcb4ed32fd151fd
SHA1

7ba1ce14c3e2061bbb03022ca62a847b7aff3d4c
SHA256

1ede253254b0e22fe2178db8cf7ee8249083c98178156e8500c8a87e588158f9
SHA512

8a5d16b6dd3314a7923bac538c878122ec81f376d6deeaa5a06eb9f8bfa7b04a44c6b62cc8b221ccb890cc521e9f9596e4ec818da8ddb3e4baf0bf814caca5f4

Score

10^/10

oski infostealer spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

1EDE253254B0E22FE2178DB8CF7EE8249083C98178156.exe

Resource

win7-20220414-en

oski infostealer spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

1EDE253254B0E22FE2178DB8CF7EE8249083C98178156.exe

Resource

win10v2004-20220414-en

oski infostealer spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

oski

C2

castroseguranca.com.br

Targets

- Target
  
  1EDE253254B0E22FE2178DB8CF7EE8249083C98178156.exe
- Size
  
  323KB
- MD5
  
  d16246db1c3abce64bcb4ed32fd151fd
- SHA1
  
  7ba1ce14c3e2061bbb03022ca62a847b7aff3d4c
- SHA256
  
  1ede253254b0e22fe2178db8cf7ee8249083c98178156e8500c8a87e588158f9
- SHA512
  
  8a5d16b6dd3314a7923bac538c878122ec81f376d6deeaa5a06eb9f8bfa7b04a44c6b62cc8b221ccb890cc521e9f9596e4ec818da8ddb3e4baf0bf814caca5f4
Score

10^/10

oski infostealer spyware stealer suricata
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealersuricata

behavioral2

oskiinfostealerspywarestealersuricata

© 2018-2024

Terms | Privacy