General

  • Target

    3519d9884a37f6e79b9e5f19b97a3d99

  • Size

    1.3MB

  • Sample

    231231-n1ppjsagam

  • MD5

    3519d9884a37f6e79b9e5f19b97a3d99

  • SHA1

    49d06c39e5664977651d4e16d00ebcad6659917c

  • SHA256

    488482565caeb316c3182e323a178f0357878a3b564bb22abff6ffb01feb051a

  • SHA512

    a5f8fbd4197a4962f75d30fab5c6c7de0f5e0b137dc5de8cad10a25bdaf9ff60a78fd35bdb9fbb2402762e0332a445974d92284ee39169505282be17051d0060

  • SSDEEP

    24576:TsV676DOVfx8Dgyfx8Dg1TQU8vYB7r+UCmDW0t5xSNwDZZGL:W676c58Dgy58DgNQU8+dk0dSCZU
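The hashes above are the indicators most analysts will actually pivot on, and the most common triage mistake is a truncated or mis-copied digest. The following is an added example (not part of the sandbox report) that validates the report's hash indicators, digests a candidate file with all four algorithms in one pass, compares the result against the report, and splits the SSDEEP signature into its block size and two hash strings. The byte strings used in the self-check are constructed; the indicator values are copied from this page.

```python
"""Verify a candidate file against the hash indicators printed in the report.

Added example, not part of the sandbox report. Indicator values are copied
from the General section above; inputs used for testing are constructed.
"""
import hashlib
import io
from typing import BinaryIO, Dict, Tuple

# Indicators from the report (General section).
IOC: Dict[str, str] = {
    "md5": "3519d9884a37f6e79b9e5f19b97a3d99",
    "sha1": "49d06c39e5664977651d4e16d00ebcad6659917c",
    "sha256": "488482565caeb316c3182e323a178f0357878a3b564bb22abff6ffb01feb051a",
    "sha512": "a5f8fbd4197a4962f75d30fab5c6c7de0f5e0b137dc5de8cad10a25bdaf9ff60"
              "a78fd35bdb9fbb2402762e0332a445974d92284ee39169505282be17051d0060",
}
SSDEEP = "24576:TsV676DOVfx8Dgyfx8Dg1TQU8vYB7r+UCmDW0t5xSNwDZZGL:W676c58Dgy58DgNQU8+dk0dSCZU"

# Hex-digest length per algorithm; anything else is a copy/paste error.
DIGEST_HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_iocs(iocs: Dict[str, str]) -> Dict[str, bool]:
    """Per algorithm: is the indicator lowercase hex of the expected length?"""
    result = {}
    for alg, value in iocs.items():
        well_formed = len(value) == DIGEST_HEX_LEN[alg]
        well_formed = well_formed and all(c in "0123456789abcdef" for c in value)
        result[alg] = well_formed
    return result


def _digest_stream(stream: BinaryIO) -> Dict[str, str]:
    """Feed one read of the input to all four hashers (single pass, 1 MiB chunks)."""
    hashers = {alg: hashlib.new(alg) for alg in DIGEST_HEX_LEN}
    for chunk in iter(lambda: stream.read(1 << 20), b""):
        for h in hashers.values():
            h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def digest_bytes(data: bytes) -> Dict[str, str]:
    return _digest_stream(io.BytesIO(data))


def digest_file(path: str) -> Dict[str, str]:
    with open(path, "rb") as f:
        return _digest_stream(f)


def match_iocs(digests: Dict[str, str], iocs: Dict[str, str] = IOC) -> Dict[str, bool]:
    """Compare case-insensitively. If exactly one algorithm disagrees while the
    others match, suspect a typo in the indicator rather than a different file."""
    return {alg: digests[alg] == iocs[alg].lower() for alg in iocs}


def parse_ssdeep(signature: str) -> Tuple[int, str, str]:
    """Split 'blocksize:hash1:hash2'. hash1 is computed at the block size, hash2
    at twice it; two signatures are only comparable when their block sizes are
    equal or differ by a factor of two, so filter on the block size first
    when searching a large corpus."""
    block, h1, h2 = signature.split(":", 2)
    return int(block), h1, h2


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        d = digest_file(path)
        print(path, match_iocs(d))
```

Run it with one or more file paths; it prints, per file, which of the four digests match the report. `parse_ssdeep` is there to show that the leading `24576` is a block size, not part of the hash, which matters when bulk-comparing fuzzy hashes.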

Malware Config

Extracted

Family

oski

C2

http://2.56.59.226/www/
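The extracted C2 is an IP-based HTTP URL, so there is no DNS name to block and the indicator has to be matched in proxy or flow logs. The following is an added example (not part of the sandbox report) that sweeps Squid-style proxy log lines for the C2 above. It matches the host as a parsed URL component rather than as a substring (the bare string `2.56.59.226` also occurs inside `12.56.59.226`), distinguishes an exact hit on host, port and path prefix from a looser hit on the host alone, and handles CONNECT lines whose URL field is only `host:port`. The log lines are constructed, and the assumed field layout is the Squid native format (`ts elapsed client action/code bytes method url ident hierarchy/peer type`).

```python
"""Sweep web-proxy logs for traffic to the Oski C2 extracted in the report.

Added example, not part of the sandbox report. The indicator is the C2 URL
printed above; the log lines are constructed in Squid native format.
"""
from typing import Dict, List, Optional
from urllib.parse import SplitResult, urlsplit

C2_URL = "http://2.56.59.226/www/"  # from the report's Malware Config section

# Constructed sample lines (not real traffic). Line 2 hits the C2 host on a
# different path, line 3 is an IP substring near-miss, line 4 a path-only
# near-miss, line 5 a CONNECT tunnel whose URL field is just host:port.
SAMPLE_LOG = """\
1703980800.123    245 10.0.0.15 TCP_MISS/200 1432 POST http://2.56.59.226/www/ - HIER_DIRECT/2.56.59.226 text/html
1703980801.456     12 10.0.0.15 TCP_MISS/200 640 GET http://2.56.59.226/ - HIER_DIRECT/2.56.59.226 text/html
1703980802.789     30 10.0.0.22 TCP_MISS/200 512 GET http://12.56.59.226/www/ - HIER_DIRECT/12.56.59.226 text/html
1703980803.000     18 10.0.0.22 TCP_MISS/200 2048 GET http://example.com/www/ - HIER_DIRECT/93.184.216.34 text/html
1703980804.100     90 10.0.0.31 TCP_TUNNEL/200 0 CONNECT 2.56.59.226:443 - HIER_DIRECT/2.56.59.226 -
"""


def _split_request_target(target: str) -> SplitResult:
    """Parse the log's URL field. CONNECT requests log 'host:port' without a
    scheme; urlsplit only treats that as a netloc when prefixed with '//'."""
    if "://" not in target:
        return urlsplit("//" + target)
    return urlsplit(target)


def _effective_port(parts: SplitResult) -> Optional[int]:
    """Explicit port if present, else the scheme default."""
    if parts.port is not None:
        return parts.port
    return {"http": 80, "https": 443}.get(parts.scheme)


def classify(target: str, c2: str = C2_URL) -> Optional[str]:
    """'url' for a hit on host, port and path prefix; 'host' for the same host
    on any port or path (sound for a single-tenant C2 IP, noisy on shared
    hosting); None otherwise. Host comparison is on the parsed component,
    never a substring of the raw line."""
    want = urlsplit(c2)
    try:
        got = _split_request_target(target)
        if (got.hostname or "").lower() != (want.hostname or "").lower():
            return None
        same_port = _effective_port(got) == _effective_port(want)
    except ValueError:  # malformed netloc or port in the log line
        return None
    prefix = want.path.rstrip("/") or "/"
    path = got.path or "/"
    if same_port and (path == prefix or path.startswith(prefix + "/")):
        return "url"
    return "host"


def sweep(log_text: str) -> List[Dict[str, object]]:
    """Run the indicator over Squid-style lines; one record per hit."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 7:
            continue  # truncated or non-access line
        client, method, target = fields[2], fields[5], fields[6]
        kind = classify(target)
        if kind:
            hits.append({"line": lineno, "client": client, "method": method,
                         "target": target, "match": kind})
    return hits


if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(hit)
```

On the constructed sample the sweep returns lines 1 (exact indicator hit), 2 and 5 (host-only hits) and ignores the two near-misses. Treat `host` matches as leads to confirm, not alerts: the report only supports the `/www/` URL on that address.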

Targets

    • Target

      3519d9884a37f6e79b9e5f19b97a3d99


    • Oski

      Oski is an infostealer that targets stored browser data and cryptocurrency wallets.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser profile data, which can include saved credentials and other secrets kept by the browser.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites the register state of a (typically suspended) thread; loaders use it to redirect execution into injected code (process hollowing, thread hijacking). The signature records the API call itself, not a confirmed injection.
