Overview

overview

10

Static

static

swift 6748.26.exe

windows7-x64

3

swift 6748.26.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    swift 6748.26.exe

  • Size

    652KB

  • Sample

    220716-pjcjbsbgd3

  • MD5

    2a66e1def724a506b4a456a573b76c55

  • SHA1

    ae8ea73f5754b4ca8a4ccf727e8db152c20e800f

  • SHA256

    f066b22440bc1fbf1d336c95531d7966ed2c6a0e21db7479d3eb7e61364a32e5

  • SHA512

    9d004d721247ec4bc1eecbfbb1e552cac3c37e20ce370e0d2aa18536ff619f8d8b66abfeb079efcf14fcbe781ae6b3138b16335b7a04f064474003d6b948c5cb

Score
10/10
oskidiscoveryinfostealersuricata

Malware Config

Extracted

Family

oski

C2

foodcircus.ro

Targets

    • Target

      swift 6748.26.exe

    • Size

      652KB

    • MD5

      2a66e1def724a506b4a456a573b76c55

    • SHA1

      ae8ea73f5754b4ca8a4ccf727e8db152c20e800f

    • SHA256

      f066b22440bc1fbf1d336c95531d7966ed2c6a0e21db7479d3eb7e61364a32e5

    • SHA512

      9d004d721247ec4bc1eecbfbb1e552cac3c37e20ce370e0d2aa18536ff619f8d8b66abfeb079efcf14fcbe781ae6b3138b16335b7a04f064474003d6b948c5cb

    Score
    10/10
    oskidiscoveryinfostealersuricata

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata

    • Modifies file permissions

      discovery

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

File Permissions Modification

1
T1222

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks