oski | 1ace37875191bb1b5cf5c0c2a566dbc1894c8931f49e4f41bfd9c604e281edd0 | Triage

Sharing

General

Target

c397c65e36e5f74b61bb8c7f442b445a
Size

248KB
Sample

240312-rrc6yaag8s
MD5

c397c65e36e5f74b61bb8c7f442b445a
SHA1

cc4d1dce5399acbc92d525ee8e055b6127e222c1
SHA256

1ace37875191bb1b5cf5c0c2a566dbc1894c8931f49e4f41bfd9c604e281edd0
SHA512

2d5d328402ecfc18145649f7e4e286aa2f07241a95777ea8444a33a3d9250f3acdbac69ea6ddcf6600eac0b047b57dbec21ec0bb371fabcdb56941b7270cc41a
SSDEEP

6144:ZekDF04qRSHSwWUbIr7kpuSP3jwg0eAVFk8Epg7gBuA:ZxF0ZSFgQpzPTwg0b5uOgN

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

mazooyaar.ac.ug

Targets

- Target
  
  c397c65e36e5f74b61bb8c7f442b445a
- Size
  
  248KB
- MD5
  
  c397c65e36e5f74b61bb8c7f442b445a
- SHA1
  
  cc4d1dce5399acbc92d525ee8e055b6127e222c1
- SHA256
  
  1ace37875191bb1b5cf5c0c2a566dbc1894c8931f49e4f41bfd9c604e281edd0
- SHA512
  
  2d5d328402ecfc18145649f7e4e286aa2f07241a95777ea8444a33a3d9250f3acdbac69ea6ddcf6600eac0b047b57dbec21ec0bb371fabcdb56941b7270cc41a
- SSDEEP
  
  6144:ZekDF04qRSHSwWUbIr7kpuSP3jwg0eAVFk8Epg7gBuA:ZxF0ZSFgQpzPTwg0b5uOgN
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer