General

  • Target

    46f15c4ca1653bb8438cfbaa7baa8338

  • Size

    1.2MB

  • Sample

    240106-xhvbrafbf4

  • MD5

    46f15c4ca1653bb8438cfbaa7baa8338

  • SHA1

    0ef1f16d4af287c5ea7bed4fe75ef7ee5d292595

  • SHA256

    2a2c3fd0f6ac0e3ec3c7a9250c85448ff0443338af998cf9179381bacc7a70f3

  • SHA512

    5b6c80ad1f8fcb078072aa259bb3f064431f9d5ba942391a0c3a6a73d95ec872225733f9f0782cd0e5e7bdf5014eebb4f8d4410fa5ac56d0e02f1587fdc74d9a

  • SSDEEP

    24576:M86mOmxVc5GdjjISb27ldt7iY2M3ClycnWAl3iw3OGy:b6Ckt2YNSlyUdVy

Malware Config

Extracted

  • Language

    xlm4.0

  • Source

Extracted

  • Family

    oski

  • C2

    chikkark.xyz

Targets

    • Target

      RFQ 6020943651-FOR-ATENS.xls.xll

    • Size

      879KB

    • MD5

      2344d5013ae84f4d70bf359575fba402

    • SHA1

      ed763a02ea15c388ec462cb9a4dfba22d0248631

    • SHA256

      338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771

    • SHA512

      0d532edf4d2a6d2daab537dcb8e8e1b50cb0b27c3b0e4745b9748a06ecc287f025c77e1ee68172454b63a916e66bb611a930e2a0d22c1ff5922d2e98121e0a3d

    • SSDEEP

      24576:pzbGHAzHAjX1lcLgUarYin3qy8sCwFCvlFC:pziHIvEzn3qy8QFW

    • Oski

      Oski is an infostealer that harvests browser data (saved logins, cookies, autofill) and cryptocurrency wallet files.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read the profile directories of installed browsers, which hold saved credentials, session cookies and other sensitive data.

    • Suspicious use of SetThreadContext

      SetThreadContext on a suspended thread of another process is the usual way injected code is given control, as in process hollowing.
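The sample above is not a spreadsheet at all: an .xll add-in is a native PE DLL that Excel loads after the user accepts the add-in prompt, and the double extension "RFQ ....xls.xll" is chosen so the name reads as .xls. The following triage helper is an added example, not output of the sandbox or code from the report; it checks a file's magic bytes against its extension, flags the double-extension pattern, computes the same four hashes the report lists, and matches them against the SHA256 values and C2 domain taken from this page. The `triage` and `digests` function names and the byte-string stand-ins used for testing are assumptions of this example.

```python
"""Triage helper for the sample described on this page (added example, not sandbox output)."""
import hashlib
import os

# Indicators copied from the report above: SHA256 of the archive and of the dropped .xll,
# plus the extracted Oski C2 domain.
IOC_SHA256 = {
    "2a2c3fd0f6ac0e3ec3c7a9250c85448ff0443338af998cf9179381bacc7a70f3",  # parent sample
    "338ffcde4891ef19f8b2974f2a9188e14a90f592322c8fb07acb662b57b35771",  # RFQ ...xls.xll
}
IOC_C2 = b"chikkark.xyz"

# File-type magic. An .xll add-in is a native PE DLL; a real legacy .xls is an OLE2
# compound file and a modern .xlsx is a ZIP container.
MAGIC = (
    (b"MZ", "pe"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole2"),
    (b"PK\x03\x04", "zip"),
)
SPREADSHEET_EXTS = {".xls", ".xlsx", ".xlsm", ".csv"}


def file_kind(data: bytes) -> str:
    """Classify the content by its leading bytes, ignoring the file name entirely."""
    for magic, kind in MAGIC:
        if data.startswith(magic):
            return kind
    return "unknown"


def digests(data: bytes) -> dict:
    """The same four hashes the report lists, as lowercase hex."""
    return {alg: hashlib.new(alg, data).hexdigest()
            for alg in ("md5", "sha1", "sha256", "sha512")}


def triage(name: str, data: bytes) -> dict:
    """Return findings for one file: type/extension mismatch, double extension, IOC hits."""
    base = name.lower()
    root, ext = os.path.splitext(base)
    inner_ext = os.path.splitext(root)[1]  # second-to-last extension, ".xls" in "x.xls.xll"
    kind = file_kind(data)
    h = digests(data)
    findings = []
    if ext == ".xll" and kind == "pe":
        findings.append("xll-add-in: native DLL that Excel loads as an add-in")
    if inner_ext in SPREADSHEET_EXTS and ext not in SPREADSHEET_EXTS:
        findings.append(f"double-extension: named like {inner_ext} but is {ext}")
    if ext in SPREADSHEET_EXTS and kind == "pe":
        findings.append("pe-with-office-extension")
    if h["sha256"] in IOC_SHA256:
        findings.append("sha256 matches report IOC")
    if IOC_C2 in data:
        findings.append("contains C2 domain " + IOC_C2.decode())
    return {"name": name, "kind": kind, "sha256": h["sha256"], "findings": findings}


if __name__ == "__main__":
    # Constructed stand-in for the reported add-in: a PE header stub with the C2 string
    # embedded, NOT the real sample bytes, so hashes will not match the IOC set.
    fake = b"MZ\x90\x00" + b"\x00" * 60 + IOC_C2
    print(triage("RFQ 6020943651-FOR-ATENS.xls.xll", fake))
```

Run it over a mail-attachment quarantine directory by calling `triage(path, open(path, "rb").read())` per file; a name whose final extension is .xll but whose second extension is an Office one, combined with an MZ header, is the pattern this report's dropper uses and is worth blocking at the gateway regardless of hash.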

MITRE ATT&CK Enterprise v15

Tasks