oski | 2082e713282ab51284141b3dbd96f27bd7c27dec371c800f678916a1719bbb83 | Triage

Submit
Reports

Overview

overview

Static

static

2023-02-01...ia.exe

windows7-x64

2023-02-01...ia.exe

windows10-2004-x64

Sharing

General

Target

2023-02-01_ddee3051b544961caf086b496a1335eb_mafia.exe
Size

200KB
Sample

230201-gvavwaea2x
MD5

ddee3051b544961caf086b496a1335eb
SHA1

94a0b05c3599648dfc7f4a0f89ce7fa0f923fd26
SHA256

2082e713282ab51284141b3dbd96f27bd7c27dec371c800f678916a1719bbb83
SHA512

019e8b6a3c662fe98e2d8bab6f47f007c56b1a1450dfd149a9383c93d96e448d6b8187d3700462f7a22a163a505777dcc314b144ccdb2d001b704ca4048d5afa
SSDEEP

3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIM1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNl1Ljo3c

Score

10^/10

oski discovery infostealer spyware stealer

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

2023-02-01_ddee3051b544961caf086b496a1335eb_mafia.exe

Resource

win7-20220812-en

oski discovery infostealer spyware stealer

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

2023-02-01_ddee3051b544961caf086b496a1335eb_mafia.exe

Resource

win10v2004-20220812-en

oski discovery infostealer spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  2023-02-01_ddee3051b544961caf086b496a1335eb_mafia.exe
- Size
  
  200KB
- MD5
  
  ddee3051b544961caf086b496a1335eb
- SHA1
  
  94a0b05c3599648dfc7f4a0f89ce7fa0f923fd26
- SHA256
  
  2082e713282ab51284141b3dbd96f27bd7c27dec371c800f678916a1719bbb83
- SHA512
  
  019e8b6a3c662fe98e2d8bab6f47f007c56b1a1450dfd149a9383c93d96e448d6b8187d3700462f7a22a163a505777dcc314b144ccdb2d001b704ca4048d5afa
- SSDEEP
  
  3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIM1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNl1Ljo3c
Score

10^/10

oski discovery infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Downloads MZ/PE file
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses cryptocurrency files/wallets, possible credential harvesting
  spyware
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealerspywarestealer

behavioral2

oskidiscoveryinfostealerspywarestealer

© 2018-2024

Terms | Privacy