General

  • Target

    807a927252237ee6436724cbbcd05fa0

  • Size

    732KB

  • Sample

    240129-wdvw2sghfq

  • MD5

    807a927252237ee6436724cbbcd05fa0

  • SHA1

    2344ad154e7d098704278cd5e28fccd29a9dec15

  • SHA256

    a03b45dabcaf812402454befd876b2eafbdf9e967f3bb01e66f33f3cabbdebd5

  • SHA512

    7f0bba03bd838900569e63bdab43e7caa3a1ab2d6744fcb9c38e7ca8914fcf31323b3db5d1ed2efdef1b5b5326f980c8712faef53ca6966c42318b20fd4bd541

  • SSDEEP

    12288:SPqqPtYaerpyXOSs1vJhzl7txF3gSEyI32u6Yaer:wMrpW6vfl7hpE7mmr

Malware Config

Extracted

Family

oski

C2

zau.divendesign.in

Targets

    • Oski

      Oski is an infostealer targeting browser data and cryptocurrency wallets.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other things.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks