General

  • Target

    adddf3a8edacd49f26632d6e2db61c77c1e4f52a0f3ef042528f15eba7aab610

  • Size

    502KB

  • Sample

    220625-lwazgshff7

  • MD5

    ab5be0d669ea17b096b0ab7f70c46d31

  • SHA1

    c0baca7a79c5acbe9b1a326539798599308ad94b

  • SHA256

    adddf3a8edacd49f26632d6e2db61c77c1e4f52a0f3ef042528f15eba7aab610

  • SHA512

    81362639d5e390577403e299df111017ca0246092234c3bdb40968b9cab0ff4ddfaab51c2ed75d253dfd718c682da216ff4d544b828b102b8f94f297e3e55d42

Score
10/10

Malware Config

Extracted

Family

oski

C2

serhuwadwtr.xyz

Targets

    • Target

      adddf3a8edacd49f26632d6e2db61c77c1e4f52a0f3ef042528f15eba7aab610

    • Size

      502KB

    • MD5

      ab5be0d669ea17b096b0ab7f70c46d31

    • SHA1

      c0baca7a79c5acbe9b1a326539798599308ad94b

    • SHA256

      adddf3a8edacd49f26632d6e2db61c77c1e4f52a0f3ef042528f15eba7aab610

    • SHA512

      81362639d5e390577403e299df111017ca0246092234c3bdb40968b9cab0ff4ddfaab51c2ed75d253dfd718c682da216ff4d544b828b102b8f94f297e3e55d42

    Score
    10/10
    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tactic                Technique                     Count  ID
Execution             Scheduled Task                1      T1053
Persistence           Scheduled Task                1      T1053
Privilege Escalation  Scheduled Task                1      T1053
Discovery             Query Registry                1      T1012
Discovery             System Information Discovery  2      T1082

Tasks