oski | 10410848d808e42758883ff2045ac5b10d16ad3d4155771483f0aba1f245a6e4 | Triage

Sharing

General

Target

b556492c8d162c4180c0c6a5c07e6abb
Size

678KB
Sample

240305-wr81tsec38
MD5

b556492c8d162c4180c0c6a5c07e6abb
SHA1

eb369158b45401422f550ca727c2b5a610bc7ab8
SHA256

10410848d808e42758883ff2045ac5b10d16ad3d4155771483f0aba1f245a6e4
SHA512

58ba5e137396a6c285033af96c01aae61983bed7cd9bb62047c554bcd63f8305f6725242851ff673d0861fe1f8a56ed8129189c652ef48799b51529dff289fec
SSDEEP

12288:NXJNqcCx+8+/iMuzbe3hO2dVy3whNMgfTNBnefBgyC5+Wyco3zzpUdv5ho:N+e/UzbEhOqVqwzxQfWcw

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

zzz.divendesign.in

Targets

- Target
  
  b556492c8d162c4180c0c6a5c07e6abb
- Size
  
  678KB
- MD5
  
  b556492c8d162c4180c0c6a5c07e6abb
- SHA1
  
  eb369158b45401422f550ca727c2b5a610bc7ab8
- SHA256
  
  10410848d808e42758883ff2045ac5b10d16ad3d4155771483f0aba1f245a6e4
- SHA512
  
  58ba5e137396a6c285033af96c01aae61983bed7cd9bb62047c554bcd63f8305f6725242851ff673d0861fe1f8a56ed8129189c652ef48799b51529dff289fec
- SSDEEP
  
  12288:NXJNqcCx+8+/iMuzbe3hO2dVy3whNMgfTNBnefBgyC5+Wyco3zzpUdv5ho:N+e/UzbEhOqVqwzxQfWcw
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealerspywarestealer