Overview

overview

10

Static

static

4db9628c25...d6.exe

windows7-x64

10

4db9628c25...d6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7751296120.zip

  • Size

    315KB

  • Sample

    220719-tbfy1agabj

  • MD5

    5d2479f46c8e3c0a2978e8c176e1569a

  • SHA1

    dfbf8e3617f50902b3cba5766a33ab1fb4ce5345

  • SHA256

    2de955e75c95085725bbd85c135b41e5678517da8fb9ba7db6d35749f63b7636

  • SHA512

    b82785d52d7880b90ef5890ae865697cf87b587b59df2f34d8195e1c8ac0381fbe10ee3ebecc159f730c15717d3e8f49b3536c0990fbb3a8c0bbe2f3d8f8b671

Score
10/10
oskiinfostealer

Malware Config

Extracted

Family

oski

C2

postalresolve.com

Targets

    • Target

      4db9628c253be13ee838313ce4aba48da07bd2f1e73cb630a59a59b44587efd6

    • Size

      388KB

    • MD5

      0e3b92ef55843eb0d93da30658bac843

    • SHA1

      857182cc43c7aebd753dbf770ae5c2fa8c8e3500

    • SHA256

      4db9628c253be13ee838313ce4aba48da07bd2f1e73cb630a59a59b44587efd6

    • SHA512

      adb128804806daa4a63daf477c2fb275af60b63c0a0cdb25f6c85f0565ee26d55b2595638d433a96ea483121893aa86c1a0cdadfa244ac4dad5137349049f241

    Score
    10/10
    oskiinfostealer

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks