oski | fb0901c0241896831cac8f3e139c461ae327fc884812d3a206d4e0b8b7931a2e | Triage

Sharing

General

Target

bb12e61f99f6c7b2d4c8702d02dec5d9.exe
Size

200KB
Sample

220704-a6zj2sdgcm
MD5

bb12e61f99f6c7b2d4c8702d02dec5d9
SHA1

3924763176734ee12f708a7f0fdd05f49c473ac4
SHA256

fb0901c0241896831cac8f3e139c461ae327fc884812d3a206d4e0b8b7931a2e
SHA512

49f6e0ac1ffc8638f8116f5e5d5e3a9548ced2f788638f370bba55225184d71bf1e10e9c8a12aff3911a40b228f337a1bfeb20fc3394e2630601d0b2cd709220

Score

10^/10

oski infostealer spyware stealer suricata

Malware Config

Extracted

Family

oski

C2

ipc-nena.net/oski/

Targets

- Target
  
  bb12e61f99f6c7b2d4c8702d02dec5d9.exe
- Size
  
  200KB
- MD5
  
  bb12e61f99f6c7b2d4c8702d02dec5d9
- SHA1
  
  3924763176734ee12f708a7f0fdd05f49c473ac4
- SHA256
  
  fb0901c0241896831cac8f3e139c461ae327fc884812d3a206d4e0b8b7931a2e
- SHA512
  
  49f6e0ac1ffc8638f8116f5e5d5e3a9548ced2f788638f370bba55225184d71bf1e10e9c8a12aff3911a40b228f337a1bfeb20fc3394e2630601d0b2cd709220
Score

10^/10

oski infostealer spyware stealer suricata
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealersuricata

behavioral2

oskiinfostealerspywarestealersuricata