oski | 64317045686f2cc6fca84d4b469a5e65f7a48ba8cd2a55817c8040833f42ebf8 | Triage

Sharing

General

Target

b0d480d34cdcbaf1e8514e9ae6ff17c8
Size

735KB
Sample

240304-ba9ktadd5y
MD5

b0d480d34cdcbaf1e8514e9ae6ff17c8
SHA1

6c6e06311c2fc21ada0e6a55dfc6b86e701129b2
SHA256

64317045686f2cc6fca84d4b469a5e65f7a48ba8cd2a55817c8040833f42ebf8
SHA512

6a8b05ba0e4bff2aee18f2d130f3f986f5231786e5bc3ccbb1de508737a4af145fa4f5c1733cbe7dd57e6a9f659f1307d13e641e8a78fa97013b7be1a45d2290
SSDEEP

12288:gD5bqVFsMm0HcN6WgjdyJ/8+LkHAi+nzk7FaZWbA4me6m1Dl5ZFHEXcRIQoovasF:gwVFsMp8NfMEJFaJuzkaWAr9Gl5Z/7oe

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

irkark.xyz

Targets

- Target
  
  b0d480d34cdcbaf1e8514e9ae6ff17c8
- Size
  
  735KB
- MD5
  
  b0d480d34cdcbaf1e8514e9ae6ff17c8
- SHA1
  
  6c6e06311c2fc21ada0e6a55dfc6b86e701129b2
- SHA256
  
  64317045686f2cc6fca84d4b469a5e65f7a48ba8cd2a55817c8040833f42ebf8
- SHA512
  
  6a8b05ba0e4bff2aee18f2d130f3f986f5231786e5bc3ccbb1de508737a4af145fa4f5c1733cbe7dd57e6a9f659f1307d13e641e8a78fa97013b7be1a45d2290
- SSDEEP
  
  12288:gD5bqVFsMm0HcN6WgjdyJ/8+LkHAi+nzk7FaZWbA4me6m1Dl5ZFHEXcRIQoovasF:gwVFsMp8NfMEJFaJuzkaWAr9Gl5Z/7oe
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

oskiinfostealerspywarestealer