Overview

overview

10

Static

static

a2c723046a...71.exe

windows7-x64

10

a2c723046a...71.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a2c723046a2c17a707b9637692fffb71.exe

  • Size

    879KB

  • Sample

    220719-dhwp2agca3

  • MD5

    a2c723046a2c17a707b9637692fffb71

  • SHA1

    a6f9221de5a668581363fa8169bb7b1c138e33cb

  • SHA256

    fae525089f850763e561a756f8378667c9ed081493ba9871847c83e0013a292d

  • SHA512

    20caec409291ec011fb6b62101031ec05eb1a4f57486753ba406dcefb8ec6a32e5655e1d95cc48a27317a18627fbf5fd8fbc22daa2d61923444c3041c11b825a

Score
10/10
oskiinfostealer

Malware Config

Extracted

Family

oski

C2

masterwork.me

Targets

    • Target

      a2c723046a2c17a707b9637692fffb71.exe

    • Size

      879KB

    • MD5

      a2c723046a2c17a707b9637692fffb71

    • SHA1

      a6f9221de5a668581363fa8169bb7b1c138e33cb

    • SHA256

      fae525089f850763e561a756f8378667c9ed081493ba9871847c83e0013a292d

    • SHA512

      20caec409291ec011fb6b62101031ec05eb1a4f57486753ba406dcefb8ec6a32e5655e1d95cc48a27317a18627fbf5fd8fbc22daa2d61923444c3041c11b825a

    Score
    10/10
    oskiinfostealer

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks