General
-
Target
90cfb42d8415b2804d7335d4e9ddda33264906b0169dd121ccc80bd50643d0e2.exe
-
Size
432KB
-
Sample
230405-m6gqfsfh7v
-
MD5
566e00ed92162e1941567623e9938067
-
SHA1
3e285319ece4b35b877dd60a920d8970d87ed3fd
-
SHA256
90cfb42d8415b2804d7335d4e9ddda33264906b0169dd121ccc80bd50643d0e2
-
SHA512
7d96e0aea8302506713613ed68a55cea2ec0f1e4cd64ba6ff424bd772c621a6ad9136da2ec9c1f80b41c4267f7bd2ace82923f2ae2221010568f1e5de63fceaa
-
SSDEEP
6144:K2nLfyfKQu8zZ0zQ7Cn7ggrw5vK/cKomvWzMlTRay9VAHPpczK3qKTmZrqBMdGGF:K2nLYpzZUMKNHompdBwcKJurqBpJXAAu
Malware Config
Extracted
oski
Fragly.top
Targets
-
-
Target
90cfb42d8415b2804d7335d4e9ddda33264906b0169dd121ccc80bd50643d0e2.exe
-
Size
432KB
-
MD5
566e00ed92162e1941567623e9938067
-
SHA1
3e285319ece4b35b877dd60a920d8970d87ed3fd
-
SHA256
90cfb42d8415b2804d7335d4e9ddda33264906b0169dd121ccc80bd50643d0e2
-
SHA512
7d96e0aea8302506713613ed68a55cea2ec0f1e4cd64ba6ff424bd772c621a6ad9136da2ec9c1f80b41c4267f7bd2ace82923f2ae2221010568f1e5de63fceaa
-
SSDEEP
6144:K2nLfyfKQu8zZ0zQ7Cn7ggrw5vK/cKomvWzMlTRay9VAHPpczK3qKTmZrqBMdGGF:K2nLYpzZUMKNHompdBwcKJurqBpJXAAu
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Downloads MZ/PE file
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Themida packer
Detects Themida, an advanced Windows software protection system.
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Checks whether UAC is enabled
-
Legitimate hosting services abused for malware hosting/C2
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-