Extracted

• • Target

    28D5E4DCAADFBD31A3C06048031BF9070D8A6F81ABEEF.exe

  • Size

    322KB

  • MD5

    f61ed5198e5dd131980bbd500c0aa319

  • SHA1

    b777cb080166f9268067981e963455e084c5dfe2

  • SHA256

    28d5e4dcaadfbd31a3c06048031bf9070d8a6f81abeef808cdf4a6d5c19d783c

  • SHA512

    67ca7388607ffeaa980222f9cab550c2f8bd7c2099eeb41059ae1415dc3aa8e36c4feaf892e617819249bd34f9c3ede4eb554e9ae3bae83ea8ef67fe5fe31ae9

  Score

  10^/10

  oskiinfostealerpersistencespywarestealersuricata

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2