oski | 1301c090453fd24b3da7c9d9aa968da1a4d21ec187b23e8eae8b25f521aece2a | Triage

Sharing

General

Target

924ac76d8c78cfb7818bcdc75d0f44a7
Size

931KB
Sample

220627-kgz5dsbgf3
MD5

924ac76d8c78cfb7818bcdc75d0f44a7
SHA1

e8c7c34a19418dd2a1752e3f9e5b09871c352058
SHA256

1301c090453fd24b3da7c9d9aa968da1a4d21ec187b23e8eae8b25f521aece2a
SHA512

bb12e6682a11f195282e3ce14fb006a37bff8cfb0146924c996c80e7e2d76ffc47581bfae85f0017fd062515da8809ebf6fc46920349672ca648a0af22545427

Score

10^/10

oski infostealer spyware stealer suricata

Malware Config

Extracted

Family

oski

C2

nedu1994.xyz

Targets

- Target
  
  924ac76d8c78cfb7818bcdc75d0f44a7
- Size
  
  931KB
- MD5
  
  924ac76d8c78cfb7818bcdc75d0f44a7
- SHA1
  
  e8c7c34a19418dd2a1752e3f9e5b09871c352058
- SHA256
  
  1301c090453fd24b3da7c9d9aa968da1a4d21ec187b23e8eae8b25f521aece2a
- SHA512
  
  bb12e6682a11f195282e3ce14fb006a37bff8cfb0146924c996c80e7e2d76ffc47581bfae85f0017fd062515da8809ebf6fc46920349672ca648a0af22545427
Score

10^/10

oski infostealer spyware stealer suricata
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

oskiinfostealerspywarestealersuricata