General

  • Target

    99bbdbd8879083ba521c9198efabe4d9

  • Size

    813KB

  • Sample

    240213-v4rrmsea2s

  • MD5

    99bbdbd8879083ba521c9198efabe4d9

  • SHA1

    f676ffeee043f5083f946955fb99cb2eaa85ebaa

  • SHA256

    e32f29fd3d764d021e15bc4d9dfa6b5eadbe466cda03b27903863e03b49efdf1

  • SHA512

    5b50c9d39482eba324540dd8130bd76f863c27025600743089a7ac25c8ecd48363a02bc04d6dca357c870ad2c6cc199738a827c5a167d7546d3f6a6defe92e0a

  • SSDEEP

    12288:BGjZ6FArZSoR65AXwgFvuSSrIRW95Qq/+TYkDYFXEqQhSjRuukMBKQ21c4N8Vo7b:ToR6qgnfRFXEVi4QkPw5

Malware Config

Extracted

Family

oski

C2

103.199.16.91/www/

Targets

    • Target

      99bbdbd8879083ba521c9198efabe4d9

    • Size

      813KB

    • MD5

      99bbdbd8879083ba521c9198efabe4d9

    • SHA1

      f676ffeee043f5083f946955fb99cb2eaa85ebaa

    • SHA256

      e32f29fd3d764d021e15bc4d9dfa6b5eadbe466cda03b27903863e03b49efdf1

    • SHA512

      5b50c9d39482eba324540dd8130bd76f863c27025600743089a7ac25c8ecd48363a02bc04d6dca357c870ad2c6cc199738a827c5a167d7546d3f6a6defe92e0a

    • SSDEEP

      12288:BGjZ6FArZSoR65AXwgFvuSSrIRW95Qq/+TYkDYFXEqQhSjRuukMBKQ21c4N8Vo7b:ToR6qgnfRFXEVi4QkPw5

    • Oski

      Oski is an infostealer that targets browser data and cryptocurrency wallets.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks