General

  • Target

    856df5370f692333d93945dc1c5483a5

  • Size

    449KB

  • Sample

    240201-aktfxafca9

  • MD5

    856df5370f692333d93945dc1c5483a5

  • SHA1

    e12467610e93a1dd1be3fce6da60f47dcffccbe1

  • SHA256

    2eb191ee2a979725dd5fccac5a356c688a234f55f95c74b4f8eacfcd35b74ca1

  • SHA512

    9d1d7a1f54c8081956458a3e6323d9f42f5cc5fbf3c2b8893d24eebb8129c1e848760fe788d9b1960d1d83dcc04f62fdba49666d91208efc1e7808ff6f90a6f1

  • SSDEEP

    12288:aiY7JNv5Z59GOIg+mOPY/egJy4X4AN1WMymx7:i7drL+mgY/TJ4ANf9

Malware Config

Extracted

Family

oski

C2

edkark.xyz

Targets

    • Target

      Items.exe

    • Size

      444KB

    • MD5

      d62e7eaa8e9524f1094f2ee37b31c09f

    • SHA1

      51e9baed09ebf7407f8a01d34dca55ee0c4ca4fa

    • SHA256

      6f9991b2dbb68f2cb2f1846a641e54857cc5a1b3f683e7883ac85e3a040987d1

    • SHA512

      9ce436aab531a981392a3f00fc359a9fd6e36c10b4a24437c3ab60693ac4c6e3a0927ac0f174027bb5598b71ad0074aceaaaf4e3366cb13ec678636be1a56bc5

    • SSDEEP

      12288:wftNDGolZaBiJ18uFxhSGevmVoF10YlrWn:U1HJ1JiGeeVglk

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks