oski | 2de955e75c95085725bbd85c135b41e5678517da8fb9ba7db6d35749f63b7636 | Triage

Sharing

General

Target

7751296120.zip
Size

315KB
Sample

220719-tbfy1agabj
MD5

5d2479f46c8e3c0a2978e8c176e1569a
SHA1

dfbf8e3617f50902b3cba5766a33ab1fb4ce5345
SHA256

2de955e75c95085725bbd85c135b41e5678517da8fb9ba7db6d35749f63b7636
SHA512

b82785d52d7880b90ef5890ae865697cf87b587b59df2f34d8195e1c8ac0381fbe10ee3ebecc159f730c15717d3e8f49b3536c0990fbb3a8c0bbe2f3d8f8b671

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

postalresolve.com

Targets

- Target
  
  4db9628c253be13ee838313ce4aba48da07bd2f1e73cb630a59a59b44587efd6
- Size
  
  388KB
- MD5
  
  0e3b92ef55843eb0d93da30658bac843
- SHA1
  
  857182cc43c7aebd753dbf770ae5c2fa8c8e3500
- SHA256
  
  4db9628c253be13ee838313ce4aba48da07bd2f1e73cb630a59a59b44587efd6
- SHA512
  
  adb128804806daa4a63daf477c2fb275af60b63c0a0cdb25f6c85f0565ee26d55b2595638d433a96ea483121893aa86c1a0cdadfa244ac4dad5137349049f241
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer