oski | c0a28f12669aa6c5b1846e0e00a85806281911ff3c41817d6b912ac2ca9d7cf5 | Triage

Sharing

General

Target

a6d680a1f920defdc3723fbf65b27924
Size

914KB
Sample

240226-t9r4xsbd9s
MD5

a6d680a1f920defdc3723fbf65b27924
SHA1

b9aab4c0e7164c1a05aa61a2f69cfa32be802607
SHA256

c0a28f12669aa6c5b1846e0e00a85806281911ff3c41817d6b912ac2ca9d7cf5
SHA512

fe3f2d47a001bd35704ecaeb44ae02a60542df009e5bc848e3e0a294a06e7a9bf0e8f16b7a41169fe5060f09e09247a1902e8ff73c95499c41bc6d9308e144be
SSDEEP

12288:Hm40TIcHHXUMcg+H1twu8msICrwtBiq8uWutD6sOAeCP2Dc9F3nC0Py3gAhw:4hHHX9f4YwNi8W2yAeCPP

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

kckark.xyz

Targets

- Target
  
  a6d680a1f920defdc3723fbf65b27924
- Size
  
  914KB
- MD5
  
  a6d680a1f920defdc3723fbf65b27924
- SHA1
  
  b9aab4c0e7164c1a05aa61a2f69cfa32be802607
- SHA256
  
  c0a28f12669aa6c5b1846e0e00a85806281911ff3c41817d6b912ac2ca9d7cf5
- SHA512
  
  fe3f2d47a001bd35704ecaeb44ae02a60542df009e5bc848e3e0a294a06e7a9bf0e8f16b7a41169fe5060f09e09247a1902e8ff73c95499c41bc6d9308e144be
- SSDEEP
  
  12288:Hm40TIcHHXUMcg+H1twu8msICrwtBiq8uWutD6sOAeCP2Dc9F3nC0Py3gAhw:4hHHX9f4YwNi8W2yAeCPP
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealerspywarestealer