oski | dd01ca4b5bfbe8ef00d23fd0c1227d58e7d6169a89e3f1ae9bbb4fbae46bfe21 | Triage

Sharing

General

Target

b146860b83e4b59ffb07dbbdff9b8e6d
Size

693KB
Sample

240304-fmnakabd27
MD5

b146860b83e4b59ffb07dbbdff9b8e6d
SHA1

06031a3261528c023af96b026e3f24589a46038c
SHA256

dd01ca4b5bfbe8ef00d23fd0c1227d58e7d6169a89e3f1ae9bbb4fbae46bfe21
SHA512

8e1c3a529fe9aa5364c07e97f0e7853384a3b4b22e5ffe4c374aff78c1352c4e05197d16e41ee3aef96ac0a83879e3f2f8fe721458baa2b292ed3f7e9cb60f45
SSDEEP

12288:jVzd4RiawLwA2ligMb9pxEC5HsabLBd4bfTp6MQNSKUnqAUGobngxaRYP:jpqRiawLGiV9pxHGavbUfIxY

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

zbd.divendesign.in

Targets

- Target
  
  b146860b83e4b59ffb07dbbdff9b8e6d
- Size
  
  693KB
- MD5
  
  b146860b83e4b59ffb07dbbdff9b8e6d
- SHA1
  
  06031a3261528c023af96b026e3f24589a46038c
- SHA256
  
  dd01ca4b5bfbe8ef00d23fd0c1227d58e7d6169a89e3f1ae9bbb4fbae46bfe21
- SHA512
  
  8e1c3a529fe9aa5364c07e97f0e7853384a3b4b22e5ffe4c374aff78c1352c4e05197d16e41ee3aef96ac0a83879e3f2f8fe721458baa2b292ed3f7e9cb60f45
- SSDEEP
  
  12288:jVzd4RiawLwA2ligMb9pxEC5HsabLBd4bfTp6MQNSKUnqAUGobngxaRYP:jpqRiawLGiV9pxHGavbUfIxY
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scripting

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Scripting

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer