oski | 8e07cf5e12ed70918b410fdb95fdf6905c191df169df5fdf994daac99c8bd359 | Triage

Sharing

General

Target

406171ecbe8c3d96852acef91ec2e6db
Size

571KB
Sample

231225-2f384aceh2
MD5

406171ecbe8c3d96852acef91ec2e6db
SHA1

5fb7a4fc46659b510fbcbb51d9e08bdf08490b62
SHA256

8e07cf5e12ed70918b410fdb95fdf6905c191df169df5fdf994daac99c8bd359
SHA512

d0c472148ded74e627d33f1f1124b9275ba8ab9d2cb1443a88ebfecce57755b7e88d39e77819bbba75dad6cf905ba85e5372ca9341790f56e121263ababf10a3
SSDEEP

12288:B5tM+E02iNv4sxxrMAbU3Sg9r28R1g9lHQI0uS:vbE01usjMMuSg96WIjV

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

fair.le-pearl.com

Targets

- Target
  
  406171ecbe8c3d96852acef91ec2e6db
- Size
  
  571KB
- MD5
  
  406171ecbe8c3d96852acef91ec2e6db
- SHA1
  
  5fb7a4fc46659b510fbcbb51d9e08bdf08490b62
- SHA256
  
  8e07cf5e12ed70918b410fdb95fdf6905c191df169df5fdf994daac99c8bd359
- SHA512
  
  d0c472148ded74e627d33f1f1124b9275ba8ab9d2cb1443a88ebfecce57755b7e88d39e77819bbba75dad6cf905ba85e5372ca9341790f56e121263ababf10a3
- SSDEEP
  
  12288:B5tM+E02iNv4sxxrMAbU3Sg9r28R1g9lHQI0uS:vbE01usjMMuSg96WIjV
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer