General

  • Target

    8e771b25550073599c67601bad91b7b4

  • Size

    1017KB

  • Sample

    240204-hb6nwabfa7

  • MD5

    8e771b25550073599c67601bad91b7b4

  • SHA1

    0190b8be28d87e6b59a7b1b1d0d0cb78a199b9d6

  • SHA256

    c0765fd53d64c425a848b89fa1168552fd2cae90984cfa14c0b7d4e0789fece7

  • SHA512

    33d0c0f09154168ccce1c2090c12a894a853af3195c01dd3ab9cafb575b2792bdcc4a836108c2341f6b09ab349dd5630efffd94ef4b68a08520e2d46f60e423b

  • SSDEEP

    24576:Q+FuI0ZV/d3I42PFQ/ry2hsof85X1/+GtdHN7HH2V:rJCDhBf85l/RjHH
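Before doing anything with a file that is supposed to be this sample, confirm it is the same bytes the sandbox analysed. The following helper is an added example for this page, not part of the sandbox report or of the tooling that produced it: it hashes a local file once with all four algorithms listed above and compares the digests to the report's values, and it splits the SSDEEP signature into its block size and the two piecewise hashes so the reader can see what a fuzzy match is actually computed over. The hash values are copied from the General section; the file path is an assumed command-line argument.

```python
"""Verify that a local file is the sample described in this report.

Added example for this page (not part of the sandbox report or its tooling).
Digests are copied from the report's General section; the file path is an
assumed command-line argument.
"""
import hashlib
import sys

# Indicators copied from the "General" section of the report.
REPORT_HASHES = {
    "md5": "8e771b25550073599c67601bad91b7b4",
    "sha1": "0190b8be28d87e6b59a7b1b1d0d0cb78a199b9d6",
    "sha256": "c0765fd53d64c425a848b89fa1168552fd2cae90984cfa14c0b7d4e0789fece7",
    "sha512": "33d0c0f09154168ccce1c2090c12a894a853af3195c01dd3ab9cafb575b2792b"
              "dcc4a836108c2341f6b09ab349dd5630efffd94ef4b68a08520e2d46f60e423b",
}
REPORT_SSDEEP = "24576:Q+FuI0ZV/d3I42PFQ/ry2hsof85X1/+GtdHN7HH2V:rJCDhBf85l/RjHH"


def hash_bytes(data: bytes) -> dict:
    """Compute all four digests in a single chunked pass over the data,
    so a large sample is not read once per algorithm."""
    hashers = {name: hashlib.new(name) for name in REPORT_HASHES}
    view = memoryview(data)
    chunk_size = 1 << 20
    for offset in range(0, len(view), chunk_size):
        chunk = view[offset:offset + chunk_size]
        for h in hashers.values():
            h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_hashes(observed: dict, expected: dict = REPORT_HASHES) -> dict:
    """Return {algorithm: bool} for every algorithm present in both dicts.
    Hex case is normalised because reports and tools disagree on it."""
    return {
        name: observed[name].lower() == expected[name].lower()
        for name in expected
        if name in observed
    }


def parse_ssdeep(signature: str) -> tuple:
    """Split an ssdeep signature into (block_size, chunk, double_chunk).

    ssdeep is a context-triggered piecewise hash: the first field is the
    block size, the second is the hash computed at that block size, the
    third is the hash at twice the block size. Fuzzy comparison works on
    the two hash strings, which is why two files can score a partial match
    while sharing no cryptographic hash at all.
    """
    block, chunk, double = signature.split(":", 2)
    return int(block), chunk, double


def matches_report(data: bytes) -> bool:
    """True only if every digest agrees with the report."""
    return all(compare_hashes(hash_bytes(data)).values())


if __name__ == "__main__":
    with open(sys.argv[1], "rb") as f:
        blob = f.read()
    for algo, ok in compare_hashes(hash_bytes(blob)).items():
        print(f"{algo:7s} {'match' if ok else 'MISMATCH'}")
    print("ssdeep block size:", parse_ssdeep(REPORT_SSDEEP)[0])
```

Run it as `python verify_sample.py <path-to-file>`; a single MISMATCH line means the file is not the sample the report describes, whatever its filename says.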

Malware Config

Extracted

Family

oski

C2

fine.le-pearl.com

Targets

    • Target

      8e771b25550073599c67601bad91b7b4

    • Size

      1017KB

    • MD5

      8e771b25550073599c67601bad91b7b4

    • SHA1

      0190b8be28d87e6b59a7b1b1d0d0cb78a199b9d6

    • SHA256

      c0765fd53d64c425a848b89fa1168552fd2cae90984cfa14c0b7d4e0789fece7

    • SHA512

      33d0c0f09154168ccce1c2090c12a894a853af3195c01dd3ab9cafb575b2792bdcc4a836108c2341f6b09ab349dd5630efffd94ef4b68a08520e2d46f60e423b

    • SSDEEP

      24576:Q+FuI0ZV/d3I42PFQ/ry2hsof85X1/+GtdHN7HH2V:rJCDhBf85l/RjHH

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check.

    • Reads user/profile data of web browsers

      Infostealers commonly target stored browser data, which can include saved credentials, cookies and session tokens.

    • Suspicious use of SetThreadContext

      SetThreadContext rewrites another thread's register state, including its instruction pointer; outside of debuggers it is most often seen when a process starts execution of code it has written into a suspended process (process hollowing) or hijacks an existing thread.
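Two of the signatures above are only meaningful in context: a registry read of the user's country is a geofence only if it is the stealer doing it, and SetThreadContext is suspicious mainly when it follows a memory write into a process created suspended. The following detector is an added example for this page, not the sandbox's own rule logic or output format. It scans a constructed, key=value API trace (not the task output of this report) and reports both patterns. It assumes that the report's "Checks computer location settings" signature corresponds to a read of HKCU\Control Panel\International\Geo\Nation (the value Windows uses for the user's GeoID), and the process names and PIDs in the trace are invented for illustration.

```python
"""Behavioural checks for two of the report's signatures, run over a
constructed API trace. Added example for this page; the trace format, the
PIDs and the image path are invented, and the registry path is an assumed
mapping for the "Checks computer location settings" signature."""
import re
from collections import defaultdict

CREATE_SUSPENDED = 0x4
# Assumption: the country-code lookup the signature refers to is a read of
# the Nation value under this key (the user's GeoID).
GEO_KEY = r"control panel\international\geo"

# Constructed trace: one parent (4120) runs the geofence check, then
# creates a suspended child, writes into it, sets its thread context and
# resumes it. Process 6200 calls SetThreadContext on itself, which is not
# flagged, and reads an unrelated registry value.
TRACE = r"""
pid=4120 api=RegOpenKeyExW key=HKCU\Control Panel\International\Geo
pid=4120 api=RegQueryValueExW key=HKCU\Control Panel\International\Geo value=Nation
pid=4120 api=CreateProcessW image=C:\target.exe flags=0x4 child=5008
pid=4120 api=WriteProcessMemory target=5008 size=0x30000
pid=4120 api=SetThreadContext target=5008
pid=4120 api=ResumeThread target=5008
pid=6200 api=RegQueryValueExW key=HKCU\Software\Example value=Setting
pid=6200 api=SetThreadContext target=6200
"""


def parse_event(line: str) -> dict:
    """Split 'k=v k=v' into a dict; values may contain spaces (registry
    paths), so split only at whitespace that precedes the next key."""
    fields = {}
    for token in re.split(r"\s+(?=\w+=)", line.strip()):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def detect(trace: str) -> list:
    """Return a list of human-readable findings for the trace."""
    findings = []
    suspended = defaultdict(set)    # parent pid -> children created suspended
    written = defaultdict(set)      # parent pid -> suspended children written to
    context_set = defaultdict(set)  # parent pid -> children with a rewritten context

    for ev in (parse_event(l) for l in trace.splitlines() if l.strip()):
        pid, api = ev["pid"], ev["api"]

        # Geofence: read of the user's country code.
        if (api.startswith("RegQueryValueEx")
                and GEO_KEY in ev.get("key", "").lower()
                and ev.get("value", "").lower() == "nation"):
            findings.append(f"{pid}: reads Control Panel\\International\\Geo\\Nation "
                            "(country code, possible geofence)")

        # Hollowing sequence: suspended child -> write -> SetThreadContext -> resume.
        elif api.startswith("CreateProcess") and int(ev.get("flags", "0"), 16) & CREATE_SUSPENDED:
            suspended[pid].add(ev.get("child"))
        elif api == "WriteProcessMemory" and ev.get("target") in suspended[pid]:
            written[pid].add(ev["target"])
        elif api == "SetThreadContext":
            target = ev.get("target")
            if target in written[pid]:
                context_set[pid].add(target)
            elif target != pid:
                findings.append(f"{pid}: SetThreadContext on foreign process {target} "
                                "without a prior memory write")
        elif api == "ResumeThread" and ev.get("target") in context_set[pid]:
            findings.append(f"{pid}: suspended child {ev['target']} written to, "
                            "context rewritten, then resumed (process hollowing pattern)")
    return findings


if __name__ == "__main__":
    for finding in detect(TRACE):
        print(finding)
```

The state is keyed per parent PID so that an unrelated process calling SetThreadContext on its own threads does not trigger the hollowing finding; only the full create-suspended, write, set-context, resume chain does. A real sandbox trace carries handles rather than PIDs in these calls, so an adaptation has to resolve the handle from the CreateProcess or OpenProcess result before applying the same logic.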

MITRE ATT&CK Enterprise v15

Tasks