Overview

overview

10

Static

static

28D5E4DCAA...EF.exe

windows7-x64

10

28D5E4DCAA...EF.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    28D5E4DCAADFBD31A3C06048031BF9070D8A6F81ABEEF.exe

  • Size

    322KB

  • Sample

    220718-hqcdksabe3

  • MD5

    f61ed5198e5dd131980bbd500c0aa319

  • SHA1

    b777cb080166f9268067981e963455e084c5dfe2

  • SHA256

    28d5e4dcaadfbd31a3c06048031bf9070d8a6f81abeef808cdf4a6d5c19d783c

  • SHA512

    67ca7388607ffeaa980222f9cab550c2f8bd7c2099eeb41059ae1415dc3aa8e36c4feaf892e617819249bd34f9c3ede4eb554e9ae3bae83ea8ef67fe5fe31ae9

Score
10/10
oskiinfostealerpersistencespywarestealersuricata

Malware Config

Extracted

Family

oski

C2

gemsbundle.com

Targets

    • Target

      28D5E4DCAADFBD31A3C06048031BF9070D8A6F81ABEEF.exe

    • Size

      322KB

    • MD5

      f61ed5198e5dd131980bbd500c0aa319

    • SHA1

      b777cb080166f9268067981e963455e084c5dfe2

    • SHA256

      28d5e4dcaadfbd31a3c06048031bf9070d8a6f81abeef808cdf4a6d5c19d783c

    • SHA512

      67ca7388607ffeaa980222f9cab550c2f8bd7c2099eeb41059ae1415dc3aa8e36c4feaf892e617819249bd34f9c3ede4eb554e9ae3bae83ea8ef67fe5fe31ae9

    Score
    10/10
    oskiinfostealerpersistencespywarestealersuricata

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks