General

  • Target

    7536b74c17754363799df14fe70d3a92

  • Size

    995KB

  • Sample

    240125-w62v3acha6

  • MD5

    7536b74c17754363799df14fe70d3a92

  • SHA1

    790969675e8cec28cf19c18625dd764884459b01

  • SHA256

    60d1297adb502d942493a794945336aea891d2c321476ef3349ac07726fca7c3

  • SHA512

    8f706b646a4a9c3549ffda3e14bfe5724c3287e0f4dfbe853888c7e529dedaccd00af2ed933fe1e7d21de26b88b96f2ffe08319570751215975f0a3524a4e8fd

  • SSDEEP

    12288:be4t9eZHlEWAxjvsMF3mKAk618T7xlkvvyrmT9EXvStCgEfW54n2iN1T:beVOsMdl6ixlYdT9So0e6n1H

Malware Config

Extracted

Family

oski

C2

http://2.56.59.226/www/
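The hashes and C2 URL above are the indicators this report yields. The following is an added example, not part of the report or of any sandbox vendor's tooling, showing how a responder would match them: it hashes a file with the four algorithms listed, compares the digests against the report's values, and scans proxy log lines for the C2. The proxy log lines are constructed for this example. The URL check compares the parsed host and path rather than doing a substring match, so a look-alike host such as 2.56.59.2260 or the same path on another host does not trigger.

```python
import hashlib
from urllib.parse import urlsplit

# Indicators copied from the report above.
IOC_HASHES = {
    "md5": "7536b74c17754363799df14fe70d3a92",
    "sha1": "790969675e8cec28cf19c18625dd764884459b01",
    "sha256": "60d1297adb502d942493a794945336aea891d2c321476ef3349ac07726fca7c3",
    "sha512": (
        "8f706b646a4a9c3549ffda3e14bfe5724c3287e0f4dfbe853888c7e529dedacc"
        "d00af2ed933fe1e7d21de26b88b96f2ffe08319570751215975f0a3524a4e8fd"
    ),
}
IOC_C2_URL = "http://2.56.59.226/www/"

# Constructed proxy log for this example: "<timestamp> <client> <method> <url> <status>".
PROXY_LOG = """\
2024-01-25T10:12:01Z 10.0.0.15 POST http://2.56.59.226/www/ 200
2024-01-25T10:12:03Z 10.0.0.15 GET http://2.56.59.226/www/index.php 200
2024-01-25T10:13:44Z 10.0.0.22 GET http://2.56.59.2260/www/ 404
2024-01-25T10:14:00Z 10.0.0.31 GET http://example.com/www/ 200
2024-01-25T10:15:09Z 10.0.0.15 GET http://2.56.59.226/update 200
"""


def hash_bytes(data: bytes) -> dict:
    """Digest an in-memory buffer with every algorithm the report lists."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in IOC_HASHES}


def hash_file(path: str) -> dict:
    """Stream a file through all four hashers at once (one read pass, not four)."""
    hashers = {algo: hashlib.new(algo) for algo in IOC_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {algo: h.hexdigest() for algo, h in hashers.items()}


def matching_algorithms(digests: dict) -> list:
    """Algorithms whose digest equals the report's value (case-insensitive)."""
    return [algo for algo, value in digests.items()
            if IOC_HASHES.get(algo) == value.lower()]


def classify_url(url: str):
    """'c2' for the C2 path or anything beneath it, 'c2-host' for other paths
    on the C2 host, None otherwise. Host comparison is exact, never substring."""
    ioc, seen = urlsplit(IOC_C2_URL), urlsplit(url)
    if seen.hostname != ioc.hostname:
        return None
    if seen.path.startswith(ioc.path):
        return "c2"
    return "c2-host"


def scan_proxy_log(lines) -> list:
    """Return (client, url, verdict) for every line whose URL hits the C2 indicator."""
    hits = []
    for line in lines:
        fields = line.split()
        if len(fields) < 4:
            continue
        verdict = classify_url(fields[3])
        if verdict:
            hits.append((fields[1], fields[3], verdict))
    return hits


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        print(path, matching_algorithms(hash_file(path)) or "no match")
    for hit in scan_proxy_log(PROXY_LOG.splitlines()):
        print(*hit)
```

A "c2-host" verdict is worth keeping as a separate, weaker signal: the report only attests to the /www/ path, but a host that has already served a stealer's C2 is suspect on any path, and SSDEEP or a hash match on the binary alone will miss a repacked build that still beacons to the same address.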

Targets

    • Target

      7536b74c17754363799df14fe70d3a92

    • Oski

      Oski is an information stealer that harvests stored browser data and cryptocurrency wallet files and sends them to its C2.

    • Reads user/profile data of web browsers

      Infostealers commonly read browser profile stores, which can hold saved credentials, session cookies and autofill data.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites a thread's register state. Malware uses it to point a suspended thread, typically in a freshly created child process, at injected code, as in process hollowing; legitimate use is mostly confined to debuggers and runtimes acting on their own threads.
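Sandbox signatures such as the one above are behavioural heuristics over the API-call trace. As an added example, not part of the report or of the sandbox's own rule set, the following Python walks a constructed API-call trace and flags two things: any SetThreadContext whose target thread belongs to a process other than the caller, and the full process-hollowing chain in order (CreateProcess with CREATE_SUSPENDED, a remote WriteProcessMemory, a remote SetThreadContext, then ResumeThread). The trace format, the pids and the paths are invented for this example; real sandbox traces use their own schema.

```python
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess*

# Constructed API trace for this example, one call per line:
# "<caller pid> <api> key=value ...". Values contain no spaces.
TRACE = """\
1100 CreateProcessW path=C:\\Windows\\System32\\svchost.exe flags=0x00000004 child_pid=2200 child_tid=2204
1100 NtUnmapViewOfSection target_pid=2200
1100 VirtualAllocEx target_pid=2200 size=0x1f000 protect=0x40
1100 WriteProcessMemory target_pid=2200 size=0x1f000
1100 SetThreadContext target_pid=2200 target_tid=2204
1100 ResumeThread target_pid=2200 target_tid=2204
3300 GetThreadContext target_pid=3300 target_tid=3304
3300 SetThreadContext target_pid=3300 target_tid=3304
4400 CreateProcessW path=C:\\Tools\\helper.exe flags=0x00000004 child_pid=4500 child_tid=4504
4400 ResumeThread target_pid=4500 target_tid=4504
"""

_KV = re.compile(r"(\w+)=(\S+)")


def _num(value: str) -> int:
    """Accept decimal or 0x-prefixed hex as the trace writes both."""
    return int(value, 0)


def parse_trace(text: str) -> list:
    """Turn trace lines into dicts: {'pid': int, 'api': str, <key>: <str>, ...}."""
    events = []
    for line in text.splitlines():
        parts = line.strip().split(maxsplit=2)
        if len(parts) < 2:
            continue
        event = {"pid": int(parts[0]), "api": parts[1]}
        if len(parts) == 3:
            event.update(_KV.findall(parts[2]))
        events.append(event)
    return events


def remote_set_thread_context(events) -> list:
    """(caller pid, target pid) for every SetThreadContext aimed at a thread
    owned by another process. Same-process use is deliberately not flagged."""
    return [(e["pid"], _num(e["target_pid"])) for e in events
            if e["api"] == "SetThreadContext" and "target_pid" in e
            and _num(e["target_pid"]) != e["pid"]]


def find_hollowing_chains(events) -> list:
    """Child pids that see, in this order: suspended create -> remote write ->
    remote SetThreadContext -> ResumeThread (the classic hollowing sequence)."""
    stages = defaultdict(list)  # child pid -> stage names in trace order
    for e in events:
        api, pid = e["api"], e["pid"]
        if api.startswith("CreateProcess") and "child_pid" in e:
            if _num(e.get("flags", "0")) & CREATE_SUSPENDED:
                stages[_num(e["child_pid"])].append("create_suspended")
        elif "target_pid" in e:
            target = _num(e["target_pid"])
            if api in ("WriteProcessMemory", "NtWriteVirtualMemory") and target != pid:
                stages[target].append("remote_write")
            elif api == "SetThreadContext" and target != pid:
                stages[target].append("set_thread_context")
            elif api in ("ResumeThread", "NtResumeThread"):
                stages[target].append("resume")
    required = ["create_suspended", "remote_write", "set_thread_context", "resume"]
    flagged = []
    for child, seen in stages.items():
        first = [seen.index(s) if s in seen else -1 for s in required]
        if min(first) >= 0 and first == sorted(first):
            flagged.append(child)
    return sorted(flagged)


if __name__ == "__main__":
    evts = parse_trace(TRACE)
    print("remote SetThreadContext:", remote_set_thread_context(evts))
    print("hollowing chains (child pids):", find_hollowing_chains(evts))
```

In the constructed trace only pid 1100 is flagged: pid 3300 calls SetThreadContext on its own thread, which debuggers, exception handling and some runtimes do legitimately, and pid 4400 creates a suspended child but never writes into it or redirects its thread. The cross-process call against a child that was created suspended is what makes the sandbox signature "suspicious" rather than merely "uses SetThreadContext".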

MITRE ATT&CK Enterprise v15

Tasks