oski | fd16c60e634e807f6bbb7c3e6e12a4231b7b34851eb98d6da2f178b6125c536f | Triage

Sharing

General

Target

3c0aae14c733b8f3b5f15d3f066e343d
Size

1.1MB
Sample

240101-gfqmsafcc9
MD5

3c0aae14c733b8f3b5f15d3f066e343d
SHA1

a75840830a4a95f779809f4d52ad7328de9e4c6f
SHA256

fd16c60e634e807f6bbb7c3e6e12a4231b7b34851eb98d6da2f178b6125c536f
SHA512

d97683d0a10a9e4131e0212e0d030bac4237402704da24b20997ae48abbf71d04a3d703d1b2b8c79875d15f0c16ba8868888a08b26eaaac96454175a99fa3700
SSDEEP

12288:O/8XZuGwgtGb74uChgDCe83dHY3XJEkKBiy8CalBmNWab9UXvBJZQ63GvIZDgQ:O/g5g74nGDCJxWXSfBihmECSfBJ

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

kckark.xyz

Targets

- Target
  
  3c0aae14c733b8f3b5f15d3f066e343d
- Size
  
  1.1MB
- MD5
  
  3c0aae14c733b8f3b5f15d3f066e343d
- SHA1
  
  a75840830a4a95f779809f4d52ad7328de9e4c6f
- SHA256
  
  fd16c60e634e807f6bbb7c3e6e12a4231b7b34851eb98d6da2f178b6125c536f
- SHA512
  
  d97683d0a10a9e4131e0212e0d030bac4237402704da24b20997ae48abbf71d04a3d703d1b2b8c79875d15f0c16ba8868888a08b26eaaac96454175a99fa3700
- SSDEEP
  
  12288:O/8XZuGwgtGb74uChgDCe83dHY3XJEkKBiy8CalBmNWab9UXvBJZQ63GvIZDgQ:O/g5g74nGDCJxWXSfBihmECSfBJ
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealerspywarestealer