oski | fae525089f850763e561a756f8378667c9ed081493ba9871847c83e0013a292d | Triage

Sharing

General

Target

a2c723046a2c17a707b9637692fffb71.exe
Size

879KB
Sample

220719-dhwp2agca3
MD5

a2c723046a2c17a707b9637692fffb71
SHA1

a6f9221de5a668581363fa8169bb7b1c138e33cb
SHA256

fae525089f850763e561a756f8378667c9ed081493ba9871847c83e0013a292d
SHA512

20caec409291ec011fb6b62101031ec05eb1a4f57486753ba406dcefb8ec6a32e5655e1d95cc48a27317a18627fbf5fd8fbc22daa2d61923444c3041c11b825a

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

masterwork.me

Targets

- Target
  
  a2c723046a2c17a707b9637692fffb71.exe
- Size
  
  879KB
- MD5
  
  a2c723046a2c17a707b9637692fffb71
- SHA1
  
  a6f9221de5a668581363fa8169bb7b1c138e33cb
- SHA256
  
  fae525089f850763e561a756f8378667c9ed081493ba9871847c83e0013a292d
- SHA512
  
  20caec409291ec011fb6b62101031ec05eb1a4f57486753ba406dcefb8ec6a32e5655e1d95cc48a27317a18627fbf5fd8fbc22daa2d61923444c3041c11b825a
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer