oski | f97f6b0ddaeec2698ad2d2403031fab366438bc8a046a7d29b3f0ae801c41f37 | Triage

Sharing

General

Target

3e8e29ab05cb639a6400da227edcb95d
Size

801KB
Sample

240102-vtcvqsafcn
MD5

3e8e29ab05cb639a6400da227edcb95d
SHA1

2025890310d262b7ed6a9ef278ad31451408e497
SHA256

f97f6b0ddaeec2698ad2d2403031fab366438bc8a046a7d29b3f0ae801c41f37
SHA512

306f5b94f8a91021cf60acde59059089c392b0a89082a1de881dc6974bbd8d21416a117574ae24882aa203aa99473e83bc369887880d422f866b646ae2450dba
SSDEEP

12288:4ooR65AXwgFvuSSPsLk0mvqc/YZUKQ4cnXbbb9qnkMqIwaCYKQYFCD8:JoR6qgnvq+n74+DokMqZFvtCY

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

marbellacabs.com/hao/

Targets

- Target
  
  3e8e29ab05cb639a6400da227edcb95d
- Size
  
  801KB
- MD5
  
  3e8e29ab05cb639a6400da227edcb95d
- SHA1
  
  2025890310d262b7ed6a9ef278ad31451408e497
- SHA256
  
  f97f6b0ddaeec2698ad2d2403031fab366438bc8a046a7d29b3f0ae801c41f37
- SHA512
  
  306f5b94f8a91021cf60acde59059089c392b0a89082a1de881dc6974bbd8d21416a117574ae24882aa203aa99473e83bc369887880d422f866b646ae2450dba
- SSDEEP
  
  12288:4ooR65AXwgFvuSSPsLk0mvqc/YZUKQ4cnXbbb9qnkMqIwaCYKQYFCD8:JoR6qgnvq+n74+DokMqZFvtCY
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer