oski

General

Target

1EDE253254B0E22FE2178DB8CF7EE8249083C98178156.exe
Size

323KB
Sample

220619-nxvrdsecgm
MD5

d16246db1c3abce64bcb4ed32fd151fd
SHA1

7ba1ce14c3e2061bbb03022ca62a847b7aff3d4c
SHA256

1ede253254b0e22fe2178db8cf7ee8249083c98178156e8500c8a87e588158f9
SHA512

8a5d16b6dd3314a7923bac538c878122ec81f376d6deeaa5a06eb9f8bfa7b04a44c6b62cc8b221ccb890cc521e9f9596e4ec818da8ddb3e4baf0bf814caca5f4

Score

10^/10

Malware Config

Extracted

Family

oski

C2

castroseguranca.com.br

Targets

- Target
  
  1EDE253254B0E22FE2178DB8CF7EE8249083C98178156.exe
- Size
  
  323KB
- MD5
  
  d16246db1c3abce64bcb4ed32fd151fd
- SHA1
  
  7ba1ce14c3e2061bbb03022ca62a847b7aff3d4c
- SHA256
  
  1ede253254b0e22fe2178db8cf7ee8249083c98178156e8500c8a87e588158f9
- SHA512
  
  8a5d16b6dd3314a7923bac538c878122ec81f376d6deeaa5a06eb9f8bfa7b04a44c6b62cc8b221ccb890cc521e9f9596e4ec818da8ddb3e4baf0bf814caca5f4
Score

10^/10

oski infostealer spyware stealer suricata
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

Loads dropped DLL

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2