oski | b1b4adb57471b463700ab48f81cd2550270fac73e0c1a95366fdc4380d15a659 | Triage

Sharing

General

Target

458ad2463c8a61f37ce0c256d5d824e0
Size

447KB
Sample

231226-ahzj5sdga2
MD5

458ad2463c8a61f37ce0c256d5d824e0
SHA1

3d9e3331f558962d5fbbab68f8a9dcca0b31bb6f
SHA256

b1b4adb57471b463700ab48f81cd2550270fac73e0c1a95366fdc4380d15a659
SHA512

690cc999cf47d7d4020c3087c261b67a1468ed38392cf7b63ff41ed18a93d1a36a2f685c6f44c4121e61a2f49430ac019b7aff45a3a4a8a8da89339ce40b3a17
SSDEEP

12288:efiUDGoIgDSiJc8uFxhSGeFSkVKNA9iMVLF1qHYfpRY80HiN433FLNNNNNNNNNNb:5QjJcJiGegkVIGLF1q4fpRY80HiN433h

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

evakark.xyz

Targets

- Target
  
  458ad2463c8a61f37ce0c256d5d824e0
- Size
  
  447KB
- MD5
  
  458ad2463c8a61f37ce0c256d5d824e0
- SHA1
  
  3d9e3331f558962d5fbbab68f8a9dcca0b31bb6f
- SHA256
  
  b1b4adb57471b463700ab48f81cd2550270fac73e0c1a95366fdc4380d15a659
- SHA512
  
  690cc999cf47d7d4020c3087c261b67a1468ed38392cf7b63ff41ed18a93d1a36a2f685c6f44c4121e61a2f49430ac019b7aff45a3a4a8a8da89339ce40b3a17
- SSDEEP
  
  12288:efiUDGoIgDSiJc8uFxhSGeFSkVKNA9iMVLF1qHYfpRY80HiN433FLNNNNNNNNNNb:5QjJcJiGegkVIGLF1q4fpRY80HiN433h
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2