General
-
Target
18e2b4fb63b38a0d2441bfa6f2afa3c6494e4f85479505f7d228447720ac0485.bin
-
Size
308KB
-
Sample
220929-mklsaaaeb3
-
MD5
be5881faee054826d32c90d47fed53ce
-
SHA1
25c63bcb8353bd35a4fd28826a5dd959d73379b6
-
SHA256
18e2b4fb63b38a0d2441bfa6f2afa3c6494e4f85479505f7d228447720ac0485
-
SHA512
b7d15268a15eec00b1069c391d18406de850334e13653ecd87eb936001d1c02aa10e9f597bd181408f1f232ca212354b01defa5496ce9bfd89a8c9b0c3d881ce
-
SSDEEP
6144:Bu8bleVTTURmXOu5OX/oX0e2AmSTCIr53qnsAvtgcmXDqWiQJ:M8STTUR6OuCgX0UmS9i16J
Malware Config
Extracted
oski
collegesboard.org
Targets
-
-
Target
18e2b4fb63b38a0d2441bfa6f2afa3c6494e4f85479505f7d228447720ac0485.bin
-
Size
308KB
-
MD5
be5881faee054826d32c90d47fed53ce
-
SHA1
25c63bcb8353bd35a4fd28826a5dd959d73379b6
-
SHA256
18e2b4fb63b38a0d2441bfa6f2afa3c6494e4f85479505f7d228447720ac0485
-
SHA512
b7d15268a15eec00b1069c391d18406de850334e13653ecd87eb936001d1c02aa10e9f597bd181408f1f232ca212354b01defa5496ce9bfd89a8c9b0c3d881ce
-
SSDEEP
6144:Bu8bleVTTURmXOu5OX/oX0e2AmSTCIr53qnsAvtgcmXDqWiQJ:M8STTUR6OuCgX0UmS9i16J
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-