General

  • Target

    c20f1a1b65385be4a6cc1924f0fe7334.exe

  • Size

    200KB

  • Sample

    230505-fckfxsac7t

  • MD5

    c20f1a1b65385be4a6cc1924f0fe7334

  • SHA1

    a6fc64e75dbbe40b7beaeea3f00f7db9bcc95c0a

  • SHA256

    d894f6b5147fcbadc428a161bfc8b7b4b0d040665862eb4c8d1b3624b09cd6fa

  • SHA512

    89c28492aa10a557a8f71c183c261198e28d7fbf40d6aee98bf175643cc725011a9ccff705ffcdb0ac70bf5092fc9ab99a0bde45c2ab77cd42c6e0a3d86d8b01

  • SSDEEP

    3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fI91Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNo1Ljo3c

Malware Config

Extracted

  • Family

    oski

  • C2

    worthknowing.us

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

MITRE ATT&CK Matrix (ATT&CK v6)

  • Defense Evasion

    Install Root Certificate (T1130): 1
    Modify Registry (T1112): 1

  • Credential Access

    Credentials in Files (T1081): 1

  • Collection

    Data from Local System (T1005): 1

Tasks