oski | c9b7cd9594e42b49718c8e4c093ce9bd2e494ab5d11ae6fbe505ce24a5cc3867 | Triage

Sharing

General

Target

C9B7CD9594E42B49718C8E4C093CE9BD2E494AB5D11AE.exe
Size

318KB
Sample

220619-z1573scfar
MD5

6fbe0d88a13f078bdb6ce169f64cf2d6
SHA1

cafb904a8227f35ca916e1c7b1213ce76b4282b2
SHA256

c9b7cd9594e42b49718c8e4c093ce9bd2e494ab5d11ae6fbe505ce24a5cc3867
SHA512

f7a9123cd0bcf342372c3e3f898ae2be9e0085680092366e1469d888366c96d78e069edb2fee4bb6d578422ee459f6bc436fc85b9018b5d0e0d84efd5835b4bd

Score

10^/10

oski infostealer spyware stealer suricata

Malware Config

Extracted

Family

oski

C2

weirdtrendz.com

Targets

- Target
  
  C9B7CD9594E42B49718C8E4C093CE9BD2E494AB5D11AE.exe
- Size
  
  318KB
- MD5
  
  6fbe0d88a13f078bdb6ce169f64cf2d6
- SHA1
  
  cafb904a8227f35ca916e1c7b1213ce76b4282b2
- SHA256
  
  c9b7cd9594e42b49718c8e4c093ce9bd2e494ab5d11ae6fbe505ce24a5cc3867
- SHA512
  
  f7a9123cd0bcf342372c3e3f898ae2be9e0085680092366e1469d888366c96d78e069edb2fee4bb6d578422ee459f6bc436fc85b9018b5d0e0d84efd5835b4bd
Score

10^/10

oski infostealer spyware stealer suricata
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealersuricata

behavioral2

oskiinfostealerspywarestealersuricata