General

  • Target

    5cd29d239d3f04b7e1cb461fb2163a54

  • Size

    882KB

  • Sample

    240115-matedaehg2

  • MD5

    5cd29d239d3f04b7e1cb461fb2163a54

  • SHA1

    19e0178a22a65e575ffa116b0bb4968159ace31f

  • SHA256

    b658ce4e95ffaa7288d69749ff05fa0073b68281bda83fbfb846ec77e9412ff1

  • SHA512

    761f33d326d1788f5fb148bff5ad3abafe2bccb308988fe3d617b34a0ac83127fa35c7591c7a11c109b95a9514253e84583a6075e0cc96455ff75ca2cbaaef6d

  • SSDEEP

    12288:Pn/zDvGHAykHSzLW/4+8bzbBSreMddhgFK/UqWgaHv2prIsma4KAzya13Ui/vWng:3zbGHAzHAjX1QcLgaHv6bmaXkGi/vW

Malware Config

  • Extracted

    Language

    xlm4.0

    Source

  • Extracted

    Family

    oski

    C2

    nedu1994.xyz

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks