oski | a2ae38d4b467bc8ab66ae53b28bd01365e9240b83f7f5e952d42c2aee0eae3ca | Triage

Sharing

General

Target

cc4bdd8e7f88763262c4634434b1dd77
Size

1.1MB
Sample

231222-r67n4adcfp
MD5

cc4bdd8e7f88763262c4634434b1dd77
SHA1

f79dafab3b401354ee39c1e212cbd2f7b578971a
SHA256

a2ae38d4b467bc8ab66ae53b28bd01365e9240b83f7f5e952d42c2aee0eae3ca
SHA512

dbf2a96ad199051dd7466c164024dca35b08b09d6a5384a1f5aea0ca6f3474f1e1dd9a8d329676bfd4e4271494c2de0a276c59e1f677ce4696c34292bc2e8b36
SSDEEP

24576:4MXD6D+Xq6Hy1Tl99QQdt7eq7XrN7xoeizky+Vr8x:zXD6D+6Z1Tri4r7o9aVox

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

176.113.82.180

Targets

- Target
  
  cc4bdd8e7f88763262c4634434b1dd77
- Size
  
  1.1MB
- MD5
  
  cc4bdd8e7f88763262c4634434b1dd77
- SHA1
  
  f79dafab3b401354ee39c1e212cbd2f7b578971a
- SHA256
  
  a2ae38d4b467bc8ab66ae53b28bd01365e9240b83f7f5e952d42c2aee0eae3ca
- SHA512
  
  dbf2a96ad199051dd7466c164024dca35b08b09d6a5384a1f5aea0ca6f3474f1e1dd9a8d329676bfd4e4271494c2de0a276c59e1f677ce4696c34292bc2e8b36
- SSDEEP
  
  24576:4MXD6D+Xq6Hy1Tl99QQdt7eq7XrN7xoeizky+Vr8x:zXD6D+6Z1Tri4r7o9aVox
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealerspywarestealer