Extracted

• • Target

    os.exe

  • Size

    469KB

  • MD5

    3e0559f907c481442d53ac625c3d98b0

  • SHA1

    acad6550d0d9a43d791cd5aaf78237053ab2e9e2

  • SHA256

    b7bf04a5d5d14c38358fb28f8e2453bf45926684769ad6a79a4bf110d8587af5

  • SHA512

    1b05ea5c49483b68b420a0beb62039445288ac8325bb52b3ffa2a1de6a4241b261d2329db9d49df19fb909e042b199091c878c0b49a477cede7b4229ff548567

  Score

  10^/10

  oskiinfostealerpersistencespywaresuricata

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt)

    suricata

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (Passwords.txt) M2

    suricata

  • suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

    suricata: ET MALWARE Suspicious Zipped Filename in Outbound POST Request (passwords.txt) M2

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer Data Exfil

    suricata

  • suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata: ET MALWARE Vidar/Arkei/Megumin/Oski Stealer HTTP POST Pattern

    suricata

  • Downloads MZ/PE file

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2