oski | d1b168734819a64df81a4b439b54c5e9c8770973313eb227e24226a6536c84ce | Triage

Sharing

General

Target

d1b168734819a64df81a4b439b54c5e9c8770973313eb227e24226a6536c84ce
Size

541KB
Sample

230124-nthmnacb6v
MD5

e5f53562e08c032f6c18e69367365837
SHA1

bdc61269a61a6ec1ba96c9fa0550f500c60e63a6
SHA256

d1b168734819a64df81a4b439b54c5e9c8770973313eb227e24226a6536c84ce
SHA512

4fee9e525dfdfeb2f7ba978798eb5ca22d0671b9ce5d395acf1949c328ec45df4a7f755416cf6e5d411e961c782ee584bfb4008e1dcc594e55ab7990c0c0f89a
SSDEEP

6144:bU+etW4tbe3clpWyOb0p9f6b/HZSN9EXRLtjHJMoAjPfGs9x77tiCRnllQw8Kv60:IzGkWya0zyz5yaVHJMoSXGuNiCFLMdG

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

tomasisa.ug

Targets

- Target
  
  d1b168734819a64df81a4b439b54c5e9c8770973313eb227e24226a6536c84ce
- Size
  
  541KB
- MD5
  
  e5f53562e08c032f6c18e69367365837
- SHA1
  
  bdc61269a61a6ec1ba96c9fa0550f500c60e63a6
- SHA256
  
  d1b168734819a64df81a4b439b54c5e9c8770973313eb227e24226a6536c84ce
- SHA512
  
  4fee9e525dfdfeb2f7ba978798eb5ca22d0671b9ce5d395acf1949c328ec45df4a7f755416cf6e5d411e961c782ee584bfb4008e1dcc594e55ab7990c0c0f89a
- SSDEEP
  
  6144:bU+etW4tbe3clpWyOb0p9f6b/HZSN9EXRLtjHJMoAjPfGs9x77tiCRnllQw8Kv60:IzGkWya0zyz5yaVHJMoSXGuNiCFLMdG
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer