oski | 95bb38f864cb2a18cc598ce238ef85dc5eae8de91c0f2e58c175460fc8ebe94d | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

Invoice.exe

windows7-x64

Invoice.exe

windows10-2004-x64

Sharing

General

Target

Invoice.exe
Size

974KB
Sample

220901-kbvygscgd4
MD5

288e1e9a0d79b265aaf409a1c39b67dd
SHA1

daccc93545a168dcb69dd8b18ab01ca1f4a68cbc
SHA256

95bb38f864cb2a18cc598ce238ef85dc5eae8de91c0f2e58c175460fc8ebe94d
SHA512

1dedd914fdf8bb966525bb951a348a61ab91d1f1384fb035034eac07d331c09bc460f88cd9412c677998b9bf84a2b6e1d99f2c64e0b79a8a1976b11a9481641b
SSDEEP

24576:jZ5hSCAlqmCXyvuDdGBGwZcZoyMgvN6QAJXY+mzo3bv:d5hStqmSycYGayMgl6QUlmzM

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

Invoice.exe

Resource

win7-20220812-en

oski discovery infostealer spyware stealer

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Invoice.exe

Resource

win10v2004-20220812-en

oski discovery infostealer spyware stealer

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

oski

C2

v.m-fit.biz

Targets

- Target
  
  Invoice.exe
- Size
  
  974KB
- MD5
  
  288e1e9a0d79b265aaf409a1c39b67dd
- SHA1
  
  daccc93545a168dcb69dd8b18ab01ca1f4a68cbc
- SHA256
  
  95bb38f864cb2a18cc598ce238ef85dc5eae8de91c0f2e58c175460fc8ebe94d
- SHA512
  
  1dedd914fdf8bb966525bb951a348a61ab91d1f1384fb035034eac07d331c09bc460f88cd9412c677998b9bf84a2b6e1d99f2c64e0b79a8a1976b11a9481641b
- SSDEEP
  
  24576:jZ5hSCAlqmCXyvuDdGBGwZcZoyMgvN6QAJXY+mzo3bv:d5hStqmSycYGayMgl6QUlmzM
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Deletes itself
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2025

Terms | Privacy