oski | 6f7e9f7592b5f984d3c6a7233f5f3b483593aa1dc1e9aea19d1477f2214fe48c | Triage

Sharing

General

Target

4e849d1441cd9db1675e9259e0233552
Size

1.4MB
Sample

240109-rkndbscaer
MD5

4e849d1441cd9db1675e9259e0233552
SHA1

05d51a132a5cc55bf5dc1b0c3c71583d09b41928
SHA256

6f7e9f7592b5f984d3c6a7233f5f3b483593aa1dc1e9aea19d1477f2214fe48c
SHA512

b4f820f1c74eb7bc6aee81be798d5127eae1e862329c52af6f089f3ce4a463c524b611963e943a598cd14f269afca508fb46331efef9ec054f75a41e7cf8afdc
SSDEEP

24576:WzbGHAzHAjX1zcLgoFifXiBiRXInRzxgqaqfR3hxjkY9bFX:WziHIFEMIyKEzKqaqfR3b5H

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

oski

C2

irkark.xyz

Targets

- Target
  
  4e849d1441cd9db1675e9259e0233552
- Size
  
  1.4MB
- MD5
  
  4e849d1441cd9db1675e9259e0233552
- SHA1
  
  05d51a132a5cc55bf5dc1b0c3c71583d09b41928
- SHA256
  
  6f7e9f7592b5f984d3c6a7233f5f3b483593aa1dc1e9aea19d1477f2214fe48c
- SHA512
  
  b4f820f1c74eb7bc6aee81be798d5127eae1e862329c52af6f089f3ce4a463c524b611963e943a598cd14f269afca508fb46331efef9ec054f75a41e7cf8afdc
- SSDEEP
  
  24576:WzbGHAzHAjX1zcLgoFifXiBiRXInRzxgqaqfR3hxjkY9bFX:WziHIFEMIyKEzKqaqfR3b5H
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

oskiinfostealerspywarestealer