General

  • Target

    8871c881e9c6107e9ea7389e47b15a40

  • Size

    1.2MB

  • Sample

    240202-d4e96sfbcq

  • MD5

    8871c881e9c6107e9ea7389e47b15a40

  • SHA1

    1423885ed68f29354882c9d34ccce0ae3d32f234

  • SHA256

    fd7a0cea676ea7114f56d5732307f5caf5444c7da5f961066c9289ed5fc766fc

  • SHA512

    b48b09423115fe7992f8a85e4c81a1423a6b7aa6dd1ecd763bc7ac7077fa86bd85854bd1623f27010b05fd291891947b8b32223e0f0ca926a2c80d0df85d357e

  • SSDEEP

    24576:Zy86mOmxVc5GdjjISb28ldt7iY2MnEBYjCv2I1QmgWmgYlSZt:T6CLt2YNqYGeCCMt

Malware Config

Extracted

Language

xlm4.0

Source

Extracted

Family

oski

C2

himarkh.xyz

Targets

    • Target

      PURCHASE ORDER AZAS112.xls.xll

    • Size

      880KB

    • MD5

      4ebc548df517cae4c7e3122e9c75ede6

    • SHA1

      6e19e1e6f3a7b96cf562c2f6768f92580652d427

    • SHA256

      6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55

    • SHA512

      359be199470a83ad32db555840c5b33a6b69db96cc188d83d550639fe9fe75464529819fdf0cded9d489cb7ba03802667ac373d3ad2a3f7e4069b023c8508290

    • SSDEEP

      24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm

    • Oski

      Oski is an infostealer targeting browser data and cryptocurrency wallets.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks