oski | b0f6371db252edc20aeaee0ed2ff64c2514515d7d0f823d508b756269ccabfbd | Triage

Sharing

General

Target

Purchase Order.pdf.exe
Size

273KB
Sample

220929-za94cachbl
MD5

f90a77f7962de4074d4dc02d82b765be
SHA1

e8a9ec0c4032818fa92cd148a770fa6192535ce5
SHA256

b0f6371db252edc20aeaee0ed2ff64c2514515d7d0f823d508b756269ccabfbd
SHA512

a36a482019f06813e5642c33db15fd6f0ef9954c5c97e427a442cffd38b8ead68931314c677940ca78232c2d2710c95413ccb2b41f234d120ffdbcad162182f9
SSDEEP

6144:MVP0JqJ1peuOkG6Msr49xOfyGU3LLEE/X9jdR+j1sfw6kVtgfnZ:e0JqJeKDMs4T3kMXjg1sjYgfnZ

Score

10^/10

oski infostealer persistence spyware stealer

Malware Config

Extracted

Family

oski

C2

�&C

virzx.xyz

Targets

- Target
  
  Purchase Order.pdf.exe
- Size
  
  273KB
- MD5
  
  f90a77f7962de4074d4dc02d82b765be
- SHA1
  
  e8a9ec0c4032818fa92cd148a770fa6192535ce5
- SHA256
  
  b0f6371db252edc20aeaee0ed2ff64c2514515d7d0f823d508b756269ccabfbd
- SHA512
  
  a36a482019f06813e5642c33db15fd6f0ef9954c5c97e427a442cffd38b8ead68931314c677940ca78232c2d2710c95413ccb2b41f234d120ffdbcad162182f9
- SSDEEP
  
  6144:MVP0JqJ1peuOkG6Msr49xOfyGU3LLEE/X9jdR+j1sfw6kVtgfnZ:e0JqJeKDMs4T3kMXjg1sjYgfnZ
Score

10^/10

oski infostealer persistence spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerpersistencespywarestealer

behavioral2

oskiinfostealerpersistencespywarestealer