oski | d894f6b5147fcbadc428a161bfc8b7b4b0d040665862eb4c8d1b3624b09cd6fa

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c20f1a1b65385be4a6cc1924f0fe7334.exe
Size

200KB
MD5

c20f1a1b65385be4a6cc1924f0fe7334
SHA1

a6fc64e75dbbe40b7beaeea3f00f7db9bcc95c0a
SHA256

d894f6b5147fcbadc428a161bfc8b7b4b0d040665862eb4c8d1b3624b09cd6fa
SHA512

89c28492aa10a557a8f71c183c261198e28d7fbf40d6aee98bf175643cc725011a9ccff705ffcdb0ac70bf5092fc9ab99a0bde45c2ab77cd42c6e0a3d86d8b01
SSDEEP

3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fI91Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNo1Ljo3c

Score

10^/10

oski infostealer spyware stealer

Malware Config

Signatures

Oski
Oski is an infostealer targeting browser data, crypto wallets.
infostealer oski
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

4728 4696 WerFault.exe c20f1a1b65385be4a6cc1924f0fe7334.exe

pid	pid_target	process	target process
4728	4696	WerFault.exe	c20f1a1b65385be4a6cc1924f0fe7334.exe

C:\Users\Admin\AppData\Local\Temp\c20f1a1b65385be4a6cc1924f0fe7334.exe
"C:\Users\Admin\AppData\Local\Temp\c20f1a1b65385be4a6cc1924f0fe7334.exe"
1⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 1804
2⤵
- Program crash
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 364 -p 4696 -ip 4696
1⤵
PID:3308

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\msvcp140.dll
Filesize
96KB

MD5
20890f5ea194206b6bbb577aca94ab26

SHA1
b99d0104f4e59d9e7346d6a98995d95a76e3512f

SHA256
84b297b7375326a199e291d87fba3fc470032e61ad88ebb28b3964877bfeed59

SHA512
8beff7def7136f2b94b66346d2e7985e6edcd0691642100ec825d086ce7d7f58be02376962641e9291df439e600da1163f5cbe02dab7aaeb4c74cbe4572987b2

Download Submit