oski | b6fd01dfdc4bf70cafeba291f6195eb1eb74589ebbbaf8d66f32efbc079d4caf | Triage

Sharing

General

Target

b6fd01dfdc4bf70cafeba291f6195eb1eb74589ebbbaf8d66f32efbc079d4caf
Size

310KB
Sample

230129-yfbmasbc46
MD5

f2ad6ac9e0bc7297c13a28f6d6af85a5
SHA1

af31c785efd47081181f8d030b97dca8f372700a
SHA256

b6fd01dfdc4bf70cafeba291f6195eb1eb74589ebbbaf8d66f32efbc079d4caf
SHA512

22dba23872534504680cfc78631be8aa5bb7462b293078758aa77663fd09c74ed871b5f230235c7092c2ecc67bc14fe98984d9c80f115f05623797dd1b62f645
SSDEEP

6144:W5kNQIVGURZU/kb+K8FAZdKPznvNYTAOjjhLnWQvdFCEWPQczgZyKxxlH:W5TQRZUG+KAqdKrvOTnZtVjWPQczsnp

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

timecforgoodnes.ml

Targets

- Target
  
  b6fd01dfdc4bf70cafeba291f6195eb1eb74589ebbbaf8d66f32efbc079d4caf
- Size
  
  310KB
- MD5
  
  f2ad6ac9e0bc7297c13a28f6d6af85a5
- SHA1
  
  af31c785efd47081181f8d030b97dca8f372700a
- SHA256
  
  b6fd01dfdc4bf70cafeba291f6195eb1eb74589ebbbaf8d66f32efbc079d4caf
- SHA512
  
  22dba23872534504680cfc78631be8aa5bb7462b293078758aa77663fd09c74ed871b5f230235c7092c2ecc67bc14fe98984d9c80f115f05623797dd1b62f645
- SSDEEP
  
  6144:W5kNQIVGURZU/kb+K8FAZdKPznvNYTAOjjhLnWQvdFCEWPQczgZyKxxlH:W5TQRZUG+KAqdKrvOTnZtVjWPQczsnp
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer