Overview

overview

10

Static

static

379ab7eebd...46.exe

windows7-x64

10

379ab7eebd...46.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    379ab7eebd100778e2605df3c32da046.exe

  • Size

    595KB

  • Sample

    220726-s1wv3sbahp

  • MD5

    379ab7eebd100778e2605df3c32da046

  • SHA1

    cba7f97fb75338262c97549608a653c155150813

  • SHA256

    0d680dba51deffe04686d1df8c87de9c6c0310f7060bf4cfb0079a2f25caef10

  • SHA512

    f95a923b84b7594a464bcf981e01af94d4e4d1d3bc98e52c022aac12c9393106fe1fda97a66b15cfdae867e2272585a1a99e6e7237f823fde6c0183c6676a7a3

Score
10/10
oskiinfostealerpersistence

Malware Config

Extracted

Family

oski

C2

quisha.axwebsite.com

Targets

    • Target

      379ab7eebd100778e2605df3c32da046.exe

    • Size

      595KB

    • MD5

      379ab7eebd100778e2605df3c32da046

    • SHA1

      cba7f97fb75338262c97549608a653c155150813

    • SHA256

      0d680dba51deffe04686d1df8c87de9c6c0310f7060bf4cfb0079a2f25caef10

    • SHA512

      f95a923b84b7594a464bcf981e01af94d4e4d1d3bc98e52c022aac12c9393106fe1fda97a66b15cfdae867e2272585a1a99e6e7237f823fde6c0183c6676a7a3

    Score
    10/10
    oskiinfostealerpersistence

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

      infostealeroski

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks