oski | e5c692ae3dc9c88bd07613f088686835c2e4ea2755c6abbdc01bac7bce5b924a | Triage

Sharing

General

Target

3c7485ba08cb4cb5c9af2fd0e670efee
Size

1.1MB
Sample

240101-k3mq7aaaf2
MD5

3c7485ba08cb4cb5c9af2fd0e670efee
SHA1

bb0a4d2f63e42b269f9d7b9b894fb731093cda9e
SHA256

e5c692ae3dc9c88bd07613f088686835c2e4ea2755c6abbdc01bac7bce5b924a
SHA512

8a8095eb685cbbf0cbed9c4cc11bd4b86d56c60922a6625dc86546f37dfe0c356a4066832e2e60083342c1a1e3749d6ca2f09c894779f055fac9e9c8c03b43c0
SSDEEP

12288:Hg5BQaiYOSaDV5bvh2days0tGLKe+ML+QrX/6GXVUJsSgWiE9Y:A5BQaT2DLNl90tGn+hQr/nsn9Y

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

2tril.com

Targets

- Target
  
  3c7485ba08cb4cb5c9af2fd0e670efee
- Size
  
  1.1MB
- MD5
  
  3c7485ba08cb4cb5c9af2fd0e670efee
- SHA1
  
  bb0a4d2f63e42b269f9d7b9b894fb731093cda9e
- SHA256
  
  e5c692ae3dc9c88bd07613f088686835c2e4ea2755c6abbdc01bac7bce5b924a
- SHA512
  
  8a8095eb685cbbf0cbed9c4cc11bd4b86d56c60922a6625dc86546f37dfe0c356a4066832e2e60083342c1a1e3749d6ca2f09c894779f055fac9e9c8c03b43c0
- SSDEEP
  
  12288:Hg5BQaiYOSaDV5bvh2days0tGLKe+ML+QrX/6GXVUJsSgWiE9Y:A5BQaT2DLNl90tGn+hQr/nsn9Y
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer