General

  • Target: 3df9ffb7f1eb181e13fdd4577cba87a3

  • Size: 1.2MB

  • Sample: 240101-1sw5wadhb6

  • MD5: 3df9ffb7f1eb181e13fdd4577cba87a3

  • SHA1: c71d7614e28413793e49765c499126842227c9a8

  • SHA256: b65d45fb96b54c2929c52436ac416814917d294b82a89185bc0c9f81e6a44093

  • SHA512: 5aeea33bd6f023c27ad7de66a15908cce84ba3b8b8c53bdb53922488dec0cc2e075f0d98ed584e651fcd3771f138a8ac475a56a4215d249f8cbdcd78a4de94b6

  • SSDEEP: 24576:pwj78OnD4D2AgtKQLeMBJ6YOp0e3b2DqHGvhTPBIt/T8V:ujtmYC0AyDqOYoV

Score
10/10

Malware Config

Extracted

Language
xlm4.0
Source

Targets

    • Target: RFQ 6020943651-FOR-ATENS.xls.xll

    • Size: 879KB

    • MD5: 2344d5013ae84f4d70bf359575fba402

    • SHA1: ed763a02ea15c388ec462cb9a4dfba22d0248631

    • SHA256: 338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771

    • SHA512: 0d532edf4d2a6d2daab537dcb8e8e1b50cb0b27c3b0e4745b9748a06ecc287f025c77e1ee68172454b63a916e66bb611a930e2a0d22c1ff5922d2e98121e0a3d

    • SSDEEP: 24576:pzbGHAzHAjX1lcLgUarYin3qy8sCwFCvlFC:pziHIvEzn3qy8QFW

    Score
    10/10
    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks