oski | c76856f53bc950964cb30f0b48e80964b5162660608794d25ee919ce795796ba | Triage

Sharing

General

Target

c9626ce54f97b0bc2270eb091952ea53
Size

709KB
Sample

240314-xtgj2ace2t
MD5

c9626ce54f97b0bc2270eb091952ea53
SHA1

21ee67939e626714aaeaa78d4c6010cbb0e19b7e
SHA256

c76856f53bc950964cb30f0b48e80964b5162660608794d25ee919ce795796ba
SHA512

06cab2593ced532f345cec2cd37ab5fc2135929580a41c6f10343926818465b1ecf1997b3b0fe45bded95e8e3c6258540a01d5c9b80f42b83309ee6b0befff43
SSDEEP

12288:3LJu0WF/vuVlFUlat1mVeAc8CVijLA6s691+U/Ub1XQKAaC0fuke:7Jq8a5exdVijL7191t/UbZC

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

try.divendesign.in

Targets

- Target
  
  c9626ce54f97b0bc2270eb091952ea53
- Size
  
  709KB
- MD5
  
  c9626ce54f97b0bc2270eb091952ea53
- SHA1
  
  21ee67939e626714aaeaa78d4c6010cbb0e19b7e
- SHA256
  
  c76856f53bc950964cb30f0b48e80964b5162660608794d25ee919ce795796ba
- SHA512
  
  06cab2593ced532f345cec2cd37ab5fc2135929580a41c6f10343926818465b1ecf1997b3b0fe45bded95e8e3c6258540a01d5c9b80f42b83309ee6b0befff43
- SSDEEP
  
  12288:3LJu0WF/vuVlFUlat1mVeAc8CVijLA6s691+U/Ub1XQKAaC0fuke:7Jq8a5exdVijL7191t/UbZC
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealerspywarestealer