oski | 48080b4beab297a81ad9a5b8f5dc59e23cc97cf09befd23d6d5624e06e6ef586 | Triage

Sharing

General

Target

48080b4beab297a81ad9a5b8f5dc59e23cc97cf09befd23d6d5624e06e6ef586
Size

270KB
Sample

230129-yfyf3abc66
MD5

4d13a2d6331e03add23dc16a04ba0cfb
SHA1

08c9ef9da024b96c05eecb9532dc9ff9dceb0319
SHA256

48080b4beab297a81ad9a5b8f5dc59e23cc97cf09befd23d6d5624e06e6ef586
SHA512

9a57c5ec7cbdb600fd6254871111e4f5f0a512576b792e20127f1f92b2f61e4bc56a6a5fa1717d36ca8443ce7bfee865e8f39230bcebb566e85c0fd36fc96fe1
SSDEEP

6144:PMkNQIVGURZU/kb+K8FAZdKPznvNYTAOjjhLnWQvdFCE2Pg8+6xvzu:kTQRZUG+KAqdKrvOTnZtVj2Pg8lvzu

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

timecforgoodnes.ml

Targets

- Target
  
  48080b4beab297a81ad9a5b8f5dc59e23cc97cf09befd23d6d5624e06e6ef586
- Size
  
  270KB
- MD5
  
  4d13a2d6331e03add23dc16a04ba0cfb
- SHA1
  
  08c9ef9da024b96c05eecb9532dc9ff9dceb0319
- SHA256
  
  48080b4beab297a81ad9a5b8f5dc59e23cc97cf09befd23d6d5624e06e6ef586
- SHA512
  
  9a57c5ec7cbdb600fd6254871111e4f5f0a512576b792e20127f1f92b2f61e4bc56a6a5fa1717d36ca8443ce7bfee865e8f39230bcebb566e85c0fd36fc96fe1
- SSDEEP
  
  6144:PMkNQIVGURZU/kb+K8FAZdKPznvNYTAOjjhLnWQvdFCE2Pg8+6xvzu:kTQRZUG+KAqdKrvOTnZtVj2Pg8lvzu
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Drops startup file
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer