oski | fa0ab33b2858424a74e0b8adaa205f38ebfd769701e4d05a84737d09e2cc358f | Triage

Sharing

General

Target

ad4b527e8240812756aa003af27b9e48
Size

909KB
Sample

240229-bcehfshf9y
MD5

ad4b527e8240812756aa003af27b9e48
SHA1

9c38bdefdb65b117987989eba0a2c2da19fee812
SHA256

fa0ab33b2858424a74e0b8adaa205f38ebfd769701e4d05a84737d09e2cc358f
SHA512

4d3086a06017744f779046630e02e58e1cbb5056764453bdc1af786048750b84407f1a6089f50e5b2652754f681758dd08eaa16fcc615fc1c033045c3d66dfa6
SSDEEP

12288:cvcsGI/clfB4MP7EmzCSrRUNx3cE8Fbg4AjGKyo/N9hHpZhNU65h2EObbU:cEZ4vmzrRU72bg4AttXPZQ+

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

fredarlessonmark.com

Targets

- Target
  
  ad4b527e8240812756aa003af27b9e48
- Size
  
  909KB
- MD5
  
  ad4b527e8240812756aa003af27b9e48
- SHA1
  
  9c38bdefdb65b117987989eba0a2c2da19fee812
- SHA256
  
  fa0ab33b2858424a74e0b8adaa205f38ebfd769701e4d05a84737d09e2cc358f
- SHA512
  
  4d3086a06017744f779046630e02e58e1cbb5056764453bdc1af786048750b84407f1a6089f50e5b2652754f681758dd08eaa16fcc615fc1c033045c3d66dfa6
- SSDEEP
  
  12288:cvcsGI/clfB4MP7EmzCSrRUNx3cE8Fbg4AjGKyo/N9hHpZhNU65h2EObbU:cEZ4vmzrRU72bg4AttXPZQ+
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer