oski | 69f41c2c444cd2147188d547c5edd6a4a8e2f238df52e1709dc7bb1066232ecc

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 11:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

345e98e236be7ff4c4943c2fe64d4a5d.exe
Size

200KB
MD5

345e98e236be7ff4c4943c2fe64d4a5d
SHA1

62d6c63921c4d8346f0e4d9ebead6a89799fc62d
SHA256

69f41c2c444cd2147188d547c5edd6a4a8e2f238df52e1709dc7bb1066232ecc
SHA512

77cf59a04f3920d9d79dc7912a32d56f630753d8fac4c77efeb8f1b42ba914ba9e6980e11bf1b393760cd57e59e9cd2676ddb6db9fda6fe6c9d111b9adb0d68f
SSDEEP

3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIx1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNQ1Ljo3c

Score

10^/10

oski infostealer spyware stealer

Malware Config

Signatures

Oski
Oski is an infostealer targeting browser data, crypto wallets.
infostealer oski
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4304	4524	WerFault.exe	16

C:\Users\Admin\AppData\Local\Temp\345e98e236be7ff4c4943c2fe64d4a5d.exe
"C:\Users\Admin\AppData\Local\Temp\345e98e236be7ff4c4943c2fe64d4a5d.exe"
1⤵
PID:4524
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 1300
  2⤵
  - Program crash
  PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4524 -ip 4524
1⤵
PID:4564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads