General

  • Target

    2a464034b049ac41505571c33fe59489

  • Size

    1.2MB

  • Sample

    231231-ga7zwahce3

  • MD5

    2a464034b049ac41505571c33fe59489

  • SHA1

    b73cf1b589b9e77728f3c39317516d9d4d8ebffc

  • SHA256

    9ca37d16fbb8d3dfd3801c6032ebedde91fff2a3dbebe0c61b2ad392597afac3

  • SHA512

    6d603e0a62957aab16679075d8cb01c6e2d43db5e806c489917ecad629c73c49eabaecde41c84595fd3ee7d11a00c6871eea7aa297cb52027dae1182d2bf610d

  • SSDEEP

    24576:qI86mOmxVc5GdjjISb28ldt7iY2MnEBYjCv2I1QmgWmgYlSZN:i6CLt2YNqYGeCCMN

Malware Config

  • Extracted

    Language

    xlm4.0

    Source

  • Extracted

    Family

    oski

    C2

    himarkh.xyz

Targets

    • Target

      PURCHASE ORDER AZAS112.xls.xll

    • Size

      880KB

    • MD5

      4ebc548df517cae4c7e3122e9c75ede6

    • SHA1

      6e19e1e6f3a7b96cf562c2f6768f92580652d427

    • SHA256

      6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55

    • SHA512

      359be199470a83ad32db555840c5b33a6b69db96cc188d83d550639fe9fe75464529819fdf0cded9d489cb7ba03802667ac373d3ad2a3f7e4069b023c8508290

    • SSDEEP

      24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers routinely harvest stored browser profile data, which can include saved credentials and other sensitive account data.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly abused to redirect a thread in another process to attacker-controlled code (process hollowing or injection).

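To make the indicators in this report checkable, the following is an added Python example (it is not part of the sandbox report and not tooling from the sandbox vendor). It recomputes a file's hash set, matches it against the MD5 and SHA-256 values listed above, and scans DNS query log lines for the extracted C2 domain. The log lines and the "not the sample" bytes are constructed; the BIND-style query line format and all function names are assumptions.

```python
"""Match files and DNS log lines against the IOCs from the report above.

Added example; hashes and the C2 domain are copied from the report,
everything else (log format, sample data, helper names) is assumed.
"""
import hashlib
import re
from typing import Dict, Iterable, List, Optional

# Hashes copied from the report, keyed by hex digest (lowercase).
REPORT_HASHES: Dict[str, str] = {
    # submitted sample, 1.2MB
    "2a464034b049ac41505571c33fe59489": "submitted sample (1.2MB)",
    "9ca37d16fbb8d3dfd3801c6032ebedde91fff2a3dbebe0c61b2ad392597afac3": "submitted sample (1.2MB)",
    # dropped Excel add-in, 880KB
    "4ebc548df517cae4c7e3122e9c75ede6": "PURCHASE ORDER AZAS112.xls.xll",
    "6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55": "PURCHASE ORDER AZAS112.xls.xll",
}

# C2 domain from the extracted Oski config.
C2_DOMAINS = {"himarkh.xyz"}


def hash_bytes(data: bytes) -> Dict[str, str]:
    """Return the same digest set the report lists (ssdeep needs a
    third-party module and is deliberately not recomputed here)."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def hash_file(path: str, chunk_size: int = 1 << 20) -> Dict[str, str]:
    """Stream a file through all four hashes so large samples do not
    have to be held in memory."""
    hashers = {
        "md5": hashlib.md5(),
        "sha1": hashlib.sha1(),
        "sha256": hashlib.sha256(),
        "sha512": hashlib.sha512(),
    }
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_report(digests: Dict[str, str]) -> Optional[str]:
    """Identify a file by SHA-256 first; MD5 is kept only because older
    reports and feeds still index on it."""
    for algo in ("sha256", "md5"):
        label = REPORT_HASHES.get(digests[algo].lower())
        if label:
            return label
    return None


def domain_matches(host: str) -> bool:
    """True for the C2 domain itself or any subdomain of it; the trailing
    dot and case are normalised so log variants still match."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in C2_DOMAINS)


# Assumed BIND-style query log format: "... query: <qname> IN A ..."
QUERY_RE = re.compile(r"query:\s+(?P<qname>[^\s]+)")


def scan_dns_log(lines: Iterable[str]) -> List[str]:
    """Return the log lines whose queried name matches the C2 domain."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and domain_matches(m.group("qname")):
            hits.append(line)
    return hits


# Constructed sample log lines (not real traffic); two of them should hit.
SAMPLE_DNS_LOG = [
    "client 10.0.0.5#51234: query: himarkh.xyz IN A + (10.0.0.1)",
    "client 10.0.0.5#51235: query: www.example.com IN A + (10.0.0.1)",
    "client 10.0.0.7#40011: query: cdn.HIMARKH.XYZ. IN A + (10.0.0.1)",
    "client 10.0.0.9#40012: query: nothimarkh.xyz IN A + (10.0.0.1)",
]

if __name__ == "__main__":
    for hit in scan_dns_log(SAMPLE_DNS_LOG):
        print("C2 lookup:", hit)
    print("unknown file matched:", match_report(hash_bytes(b"not the sample")))
```

`match_report(hash_file("/path/to/suspect.xll"))` answers whether a file on disk is one of the two artifacts the report lists; the suffix check in `domain_matches` avoids the classic false positive where `endswith("himarkh.xyz")` would also flag `nothimarkh.xyz`.
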
MITRE ATT&CK Enterprise v15

Tasks