oski | e423ba7a079fb14c18abd0592a0278db38d71aa3dd70730f557a9036bedd31c5 | Triage

Sharing

General

Target

e423ba7a079fb14c18abd0592a0278db38d71aa3dd70730f557a9036bedd31c5
Size

412KB
Sample

230129-ye6q2scf9x
MD5

e1f89a0e2ec8b806a92ff573d6e305ab
SHA1

e8183cf8dd1c7cb56e02296f116b65c40270489a
SHA256

e423ba7a079fb14c18abd0592a0278db38d71aa3dd70730f557a9036bedd31c5
SHA512

b9231220b1be9c2c8bf8bdb88049b60c4634d1c02bc13b05c4f845d7b0436445ab006023bcc74066c89c0f07f8ad179b80e5fa666c3f81583ec482cdc946cf64
SSDEEP

12288:D4osTQRZUG+KAqdKrvOTnZtVj2Pg8zs2:D4J9311Rs2

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

timecforgoodnes.ml

Targets

- Target
  
  e423ba7a079fb14c18abd0592a0278db38d71aa3dd70730f557a9036bedd31c5
- Size
  
  412KB
- MD5
  
  e1f89a0e2ec8b806a92ff573d6e305ab
- SHA1
  
  e8183cf8dd1c7cb56e02296f116b65c40270489a
- SHA256
  
  e423ba7a079fb14c18abd0592a0278db38d71aa3dd70730f557a9036bedd31c5
- SHA512
  
  b9231220b1be9c2c8bf8bdb88049b60c4634d1c02bc13b05c4f845d7b0436445ab006023bcc74066c89c0f07f8ad179b80e5fa666c3f81583ec482cdc946cf64
- SSDEEP
  
  12288:D4osTQRZUG+KAqdKrvOTnZtVj2Pg8zs2:D4J9311Rs2
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer