oski | 6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55 | Triage

Sharing

General

Target

4ebc548df517cae4c7e3122e9c75ede6
Size

880KB
Sample

240109-td7jqsehf4
MD5

4ebc548df517cae4c7e3122e9c75ede6
SHA1

6e19e1e6f3a7b96cf562c2f6768f92580652d427
SHA256

6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
SHA512

359be199470a83ad32db555840c5b33a6b69db96cc188d83d550639fe9fe75464529819fdf0cded9d489cb7ba03802667ac373d3ad2a3f7e4069b023c8508290
SSDEEP

24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm

Score

10^/10

oski infostealer

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

oski

C2

himarkh.xyz

Targets

- Target
  
  4ebc548df517cae4c7e3122e9c75ede6
- Size
  
  880KB
- MD5
  
  4ebc548df517cae4c7e3122e9c75ede6
- SHA1
  
  6e19e1e6f3a7b96cf562c2f6768f92580652d427
- SHA256
  
  6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
- SHA512
  
  359be199470a83ad32db555840c5b33a6b69db96cc188d83d550639fe9fe75464529819fdf0cded9d489cb7ba03802667ac373d3ad2a3f7e4069b023c8508290
- SSDEEP
  
  24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

oskiinfostealer