General

  • Target

    8663ed0caec9adcb980a4a7ea23e7984

  • Size

    1.3MB

  • Sample

    240201-j7m23shcel

  • MD5

    8663ed0caec9adcb980a4a7ea23e7984

  • SHA1

    e6dcb19362e88b50ab1990e7032437072f104e98

  • SHA256

    bbe006688e5f74473a5e248bc83651cbb7e9efbe8410abb8d8b84b4a59ed7750

  • SHA512

    fd75e6bde035e103e84322411ca7b4107f1673d03170b940af3066f9f4eb58b063ec244302c8dccab87f5816e2b55a177dc1c1d7f498742fd8e0f24fb64317a9

  • SSDEEP

    24576:0+Mt76DOkfx8Dgyfx8DgYd6ph9Jxg6AQ9l3zIiLsLznD9IzlTwDZYLL:Ot76B58Dgy58DgYd6XbxglkDIiLsLzng

Malware Config

Extracted

  • Family

    oski

  • C2

    fine.le-pearl.com

Targets

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks